Windows RDP-Related Event Logs: Identification, Tracking, and Investigation | Ponder The Bits
FOR508
Windows Event ID 1029 Hashes
Applied Incident Response Scripts
Appendix L - Events to Monitor
Windows Security Log Encyclopedia
Windows event log analyst reference
20170612ac ir research en
Event Log
AmCache Investigation - SANS Digital Forensics & Incident Response Summit 2019
UVWATAUAVAWH – Meet The Pushy String | Hexacorn
Cracking Assembly — Function Prolog and Epilog in x64
Microsoft Public Symbol Server - Windows drivers
Default windows processes quick reference
Memory analysis with Volatility analyst reference
GitHub - mandiant/capa: The FLARE team's open-source tool to identify capabilities in executable files.
Sigcheck - Sysinternals
GIAC Certified Forensic Analyst | Digital Forensics Certification
GIAC CyberLive Hands-On Certifications
Better GIAC Testing with Pancakes – Lesley Carhart's Cybersecurity Blog
Iir vol37 focused1 en
Filter windows
aws-incident-response-playbooks/playbooks at master · aws-samples/aws-incident-response-playbooks
I Solemnly Swear My Driver Is Up to No Good: Hunting for Attestation Signed Malware | Mandiant
Kansa for Enterprise Scale Threat Hunting, Jonathan Ketchum.pdf
Structured & Task-Driven Threat Hunting
In the Fall of 2019, I joined the Splunk Global Security organization to build Splunk’s internal threat hunting program. Over a few months…
GitHub - Yamato-Security/EnableWindowsLogSettings: Documentation and scripts to properly enable Windows event logs.
GitHub - orlikoski/CyLR: CyLR - Live Response Collection Tool
Dissect
Demystifying the “SVCHOST.EXE” Process and Its Command Line Options
Tuned and curated Winlogbeats config file