Explore >> Select a destination

You are here

 www.khyrenz.com
Updated again! Automated USB artefact parsing from the Registry and Event Log
| | www.geekrant.org
Windows 10 close desktop: default action | Geek Rant dot org
2.6 parsecs away

Travel
| | [AI summary] The article explains how to modify the Windows 10 registry to change the default desktop close action from Shut Down back to Log Off.
| | ogmini.github.io
BelkaCTF 6 - Bogus Bill Tasks 1-5 | ogmini - Exploration of DFIR
4.6 parsecs away

Travel
| | Did a few of the tasks from a previous BelkaCTF as a warmup for this weekend. Solutions are written using Open Source or Free tools. I like to validate the findings from tools whenever possible. I've always appreciated that iLEAPP provides the location of where it found artifacts so that an analyst can manually parse if needed.
| | scriptjunkie.us
Authenticated Remote Code Execution Methods in Windows « Thoughts on Security
4.7 parsecs away

Travel
| | [AI summary] The post details eight specific Windows features and services, such as SCM and Task Scheduler, that can be exploited to perform authenticated remote code execution on networked systems.
| | blog.sqlterritory.com
How to test connectivity to the SQL Server - SQLTerritory.com
29.7 parsecs away

Travel
| Quick guide how to use builtin Universal Data Link (*.udl) Windows functionality to test connectivity to the SQL Server instances. Step-by-step instruction.