Hacking: Windows forensics

Windows forensics:

Hacking mind map: https://www.marcolancini.it/2018/blog-hacker-playbook-mindmap/
Detecting lateral movement: http://blog.jpcert.or.jp/.s/2017/12/research-report-released-detecting-lateral-movement-through-tracking-event-logs-version-2.html
PowerShell Windows forensics: https://github.com/WiredPulse/PoSh-R2
PowerShell Windows forensics: https://github.com/Invoke-IR/PowerForensics
PowerShell Windows forensics: https://github.com/gfoss/PSRecon
PowerShell Windows forensics: https://github.com/davehull/Kansa
http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/

Ref: http://windowsir.blogspot.fr/

Situation

The situation was pretty straight-forward; a system (Win7SP1) had been identified as having been infected with malware at one point. What had been determined from the