Explore >> Select a destination
|
You are here 
|
bohops.com | ||
| | | | |
countuponsecurity.com
|
|
| | | | | Following our last article about the Prefetch artifacts we will now move into the Windows Registry. When conducting incident response and digital forensics on Windows operating systems one of the sources of evidence that is normally part of every investigation is the Windows Registry. The Windows Registry is an important component of the OS and... | |
| | | | |
www.khyrenz.com
|
|
| | | | | Let me start by saying that, yes: many tools already exist to parse information out of the Windows Registry and/or the Event Log. However, while I was conducting my own tool validation processes (see https://github.com/khyrenz/tool_validation), I realised that very few tools parse this information out and automatically populate the kind of table that I would be adding into my forensic report.So... I did a bit of R&D, and I present to you a Python script that does just that; creatively named pars | |
| | | | |
www.cybereason.com
|
|
| | | | | Cybereason GSOC observed distribution of the Bumblebee Loader and post-exploitation activities including privilege escalation, reconnaissance and credential theft. Bumblebee operators use the Cobalt Strike framework throughout the attack and abuse credentials for privilege escalation to access Active Directory, as well as abusing a domain administrator account to move laterally, create local user accounts and exfiltrate data... | |
| | | | |
www.koi.security
|
|
| | | |||
