Oct 1 · 7 min read
Lateral Movement - Remote Desktop Protocol (RDP) Event Logs
Identify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.

Jul 28 · 6 min read
RDP Bitmap Cache - Piece(s) of the Puzzle
Investigate the puzzle pieces of RDP bitmap cache and how to stitch these together to get the (sorta) full picture.

Jun 19 · 5 min read
Windows Defender MP Logs - A Story of Artifacts
What are the Windows Defender MP logs? What information do they contain, and how can we use them in an investigation?

Mar 28 · 4 min read
Minimizing Malicious Script Execution
Learn some quick wins to minimize malicious script execution.