Active Directory

Specific detections can largely be found in the MITRE ATT&CK Tactics and Techniques.


adsecurity.org is a very helpful starting point.

https://adsecurity.org/?page_id=4031


blueteamblog.com

https://blueteamblog.com/18-ways-to-detect-malcious-actions-in-your-active-directory-logs-using-siem


"A curated list of offensive security tools and their respective commands, to be used against Windows/AD environments"

https://wadcoms.github.io/