Lateral Movement - Remote Desktop Protocol (RDP) Event Logs
Identify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.
Oct 1, 2024 · 7 min read


RDP Bitmap Cache - Piece(s) of the Puzzle
Investigate the puzzle pieces of RDP bitmap cache and how to stitch these together to get the (sorta) full picture.
Jul 28, 2024 · 6 min read

SUM UAL - Investigating Server Access with User Access Logging
Learn what the SUM UAL database is and how it can help make or break DFIR analysis.
May 8, 2024 · 6 min read

Evidence of Program Existence - Amcache
Learn the mystery of the Amcache artifact and how to use it in your DFIR cases.
Mar 11, 2024 · 5 min read

Sysmon: When Visibility is Key
Learn why visibility is everything when responding to an incident.
Aug 18, 2023 · 5 min read

A LNK To The Past: Utilizing LNK Files For Your Investigations
We've all heard of "Link" or "LNK" files, right? You want a faster way to open your favorite game, document or application without need...
Aug 12, 2023 · 5 min read