Derek King has published another post as part of his “Hunting with Splunk: The Basics” series. This time he is discussing lateral movement – one of the key indicators when you actually have an APT in your network as Ryan Kovar said.
-
Using MITRE ATT&CK for Forensics: BITS Jobs (T1197)
If you are doing incident response, you must know what MITRE ATT&CK is. As it’s … -
Parsing Carved EVTX Records Using EvtxECmd
Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space… -
PowerShell and Python Together: Targeting Digital Investigations
A new book by Chet Hosmer has been released. The book will teach you how to use PowerShell…
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
