AnyDesk - Investigating Threat Actors Favorite Tool
AnyDesk is a commonly abused, but legitimate RMM tool. Learn about the artifacts left behind and how to investigate AnyDesk abuse.
Mar 12 · 7 min read

A BITS of a Problem - Investigating BITS Jobs
Investigate BITS jobs and identify the event logs and database associated with this!
Jan 7 · 8 min read

Lateral Movement - Remote Desktop Protocol (RDP) Artifacts
Learn about the various artifacts created to help investigate lateral movement via RDP on both the source and target system
Nov 18, 2024 · 10 min read

Lateral Movement - Remote Desktop Protocol (RDP) Event Logs
Identify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.
Oct 1, 2024 · 7 min read

SUM UAL - Investigating Server Access with User Access Logging
Learn what the SUM UAL database is and how it can help make or break DFIR analysis.
May 8, 2024 · 6 min read

Linux Forensics - Collecting a Triage Image Using The UAC Tool
Learn how to take a triage image of a *nix based system using the UAC tool.
Apr 27, 2024 · 5 min read

Respond and Investigate a Compromised Google Workspace User
Learn how to respond and investigate a compromised Google Workspace user.
Apr 16, 2024 · 6 min read

Minimizing Malicious Script Execution
Learn some quick wins to minimize malicious script execution.
Mar 28, 2024 · 4 min read

Evidence of Program Existence - Amcache
Learn the mystery of the Amcache artifact and how to use it in your DFIR cases
Mar 11, 2024 · 5 min read

Evidence of Program Existence - Shimcache
Learn what Shimcache is, how to analyze it, and why it's misunderstood.
Jan 21, 2024 · 4 min read

Artifacts of Execution: Prefetch - Part One
Learn how to identify what programs were executed during an incident with the Prefetch artifact
Oct 9, 2023 · 5 min read

Cloud Incident Response: Investigating AWS Incidents
Learn the basics of AWS investigations and the logs that exist.
Sep 22, 2023 · 8 min read

Sysmon: When Visibility is Key
Learn why visibility is everything when responding to an incident.
Aug 18, 2023 · 5 min read

A LNK To The Past: Utilizing LNK Files For Your Investigations
We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...
Aug 12, 2023 · 5 min read