Windows and Linux Threat Hunting
9 May 2021
19 June 2021
Table of Contents
Windows and Linux Threat Hunting
- Windows ASEPs
- https://cyberforensicator.com/2019/04/25/characteristics-and-detectability-of-windows-auto-start-extensibility-points-in-memory-forensics/
- https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/
- https://www.sans.org/blog/offline-autoruns-revisited-auditing-malware-persistence/
- Windows 11 Artifacts
- Prefetch
- Link Files
- Jumplists
- Recycle Bin
- Amcache
- AppCompatCache
- Registry
- Event Logs
- https://github.com/EricZimmerman?tab=repositories
- Persistence
AuditD
shadow files
btrfsecryptfsext2ext3ext4fusefuseblkjfsnfsoverlayramfsreiserfstmpfsudfvfatxfs
- rockstarL
- Windows and Linux Threat Hunting 9 May 2021
- Detecting the "Next" SolarWinds-Style Cyber Attack 18 April 2021
- Hardening SaaS 17 April 2021
- DFIR vs EDR vs Malware Analysis vs Cyber Crime vs Legally Admissible Digital Forensics vs Law Enforcement . (Don't get it twisted. ) 12 April 2021
- Microsoft Cyberattack Simulator 9 April 2021