A Windows workstation was recently compromised, and evidence suggests it was an attack against internet-facing RDP, then Meterpreter was deployed to conduct 'Actions on Objectives'. Can you verify these findings?
You have been provided with the Security.evtx and System.evtx log exports from the compromised system - you should analyze these, NOT the Windows logs generated by the lab machine (when using DeepBlueCLI, ensure you provide the path to these files, stored inside \Desktop\Investigation\).
Reading Material:
https://github.com/sans-blue-team/DeepBlueCLI
Lab Link: https://blueteamlabs.online/home/investigation/deep-blue-a4c18ce507
Deep Blue Lab Investigation - Blue Team Labs Online | NatokHD