
AnyDesk - Investigating Threat Actors' Favorite Tool
AnyDesk is a legitimate RMM tool that is commonly abused by threat actors. Learn about the artifacts it leaves behind and how to investigate AnyDesk abuse.
Mar 12, 7 min read

A BITS of a Problem - Investigating BITS Jobs
Investigate BITS jobs and identify the event logs and database associated with them.
Jan 7, 8 min read

Lateral Movement - Remote Desktop Protocol (RDP) Artifacts
Learn about the various artifacts created on both the source and target system that help investigate lateral movement via RDP.
Nov 18, 2024, 10 min read

Lateral Movement - Remote Desktop Protocol (RDP) Event Logs
Identify the important Windows event logs for hunting RDP lateral movement, on both the source and target system.
Oct 1, 2024, 7 min read

RDP Bitmap Cache - Piece(s) of the Puzzle
Investigate the puzzle pieces of the RDP bitmap cache and how to stitch them together to get the (sorta) full picture.
Jul 28, 2024, 6 min read

Windows Defender MP Logs - A Story of Artifacts
What are the Windows Defender MP logs? What information do they contain and how can we use them in an investigation?
Jun 19, 2024, 5 min read

SUM UAL - Investigating Server Access with User Access Logging
Learn what the SUM UAL database is and how it can help make or break DFIR analysis.
May 8, 2024, 6 min read

Minimizing Malicious Script Execution
Learn some quick wins to minimize malicious script execution.
Mar 28, 2024, 4 min read

Evidence of Program Existence - Amcache
Unravel the mystery of the Amcache artifact and learn how to use it in your DFIR cases.
Mar 11, 2024, 5 min read