Oct 1 | 7 min read
Lateral Movement - Remote Desktop Protocol (RDP) Event Logs
Identify the important Windows Event logs to hunt RDP lateral movement, both from the source and target system.

Jul 28 | 6 min read
RDP Bitmap Cache - Piece(s) of the Puzzle
Investigate the puzzle pieces of RDP bitmap cache and how to stitch these together to get the (sorta) full picture.

Jun 19 | 5 min read
Windows Defender MP Logs - A Story of Artifacts
What are the Windows Defender MP logs? What information do they contain and how can we use them in an investigation?

May 8 | 6 min read
SUM UAL - Investigating Server Access with User Access Logging
Learn what the SUM UAL database is and how it can help make or break DFIR analysis.

Mar 28 | 4 min read
Minimizing Malicious Script Execution
Learn some quick wins to minimize malicious script execution.

Mar 11 | 5 min read
Evidence of Program Existence - Amcache
Learn the mystery of the Amcache artifact and how to use it in your DFIR cases.