Digital Forensics & Incident Response
Search…
⌃K
Digital Forensics & Incident Response
Search…
⌃K
Welcome
General Notes
Install and Configure ZeroTier client
S3FS Fuse and MinIO
Enable nested VT-X/AMD-V
mitm proxy
Exploring Volume Shadow Copies Manually
Resize VMDK/VDI
Resize VMDK on ESXi
Convert raw to vmdk
Favicon hashing and hunting with Shodan
WinRM/RemotePS
MinIO/S3/R2 ghost files
Microsoft Defender KQL
Introduction to KQL
Windows Forensics
PsExec
PsExec and NTUSER data
Security Patch/KB Install Date
Linux Forensics
Inspecting RPM/DEB packages
Common Locations
ESXi Forensics
Understanding ESXi
General Notes
Triage and Imaging
ESXi VMFS Exploration
Memory Forensics
Volatility
Acquisition
Incident Response
VirusTotal & hash lists
Unix-like Artifacts Collector (UAC)
Acquiring Linux VPS via SSH
AVML dump to SMB / AWS
China Chopper webshell
Logging Powershell activities
Compromised UniFi Controller
AnyDesk Remote Access
iOS Forensics
Checkm8 / checkra1n acquisitions/extractions
CTF / Challenges
DEFCON 2019 forensics
Tomcat shells
Magnet Weekly CTF
DFIR Madness CTF
Log Files
Windows
Malware Analysis
PDF Analysis
Walking the VAD tree
OpenCTI
What is CTI/OpenCTI?
Setting up OpenCTI
Container Management
Configure Connectors
Vulnerability Management
Setting Up Nessus (Essentials)
Troubleshooting
Privacy
Powered By
GitBook
PsExec
Here are the articles in this section:
PsExec and NTUSER data
Microsoft Defender KQL - Previous
Introduction to KQL
Next
PsExec and NTUSER data
Last modified
2mo ago
