Table of Contents
Windows and Linux Threat Hunting
- Windows ASEPs
- https://cyberforensicator.com/2019/04/25/characteristics-and-detectability-of-windows-auto-start-extensibility-points-in-memory-forensics/
- https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/
- Windows 11 Artifacts
- Prefetch
- Link Files
- Jumplists
- Recycle Bin
- Amcache
- AppCompatCache
- Registry
- Event Logs
- https://github.com/EricZimmerman?tab=repositories
- Persistence
AuditD
- shadow files
- btrfs
- ecryptfs
- ext2
- ext3
- ext4
- fuse
- fuseblk
- jfs
- nfs
- overlay
- ramfs
- reiserfs
- tmpfs
- udf
- vfat
- xfs
Research
- Threat Hunting Using Sysmon
- Sigma Hall of Fame