
Servidae - Log Analysis in ELK - TryHackMe Walkthrough

1.1K views
Nov 7, 2023
23:32

Introduction:
Analyze the logs of an affected workstation to determine the attacker's indicators of compromise.

#elkhunt #threathunting #sysmon #ELK #WindowsInvestigation #TryHackMe #incidentresponse

Chapters:
0:00 - ELKHunt - Introduction
1:42 - Date & Time Filtering
5:13 - Suspicious IP - Inspection
6:38 - Process Name Forensics
9:07 - Process CommandLine Forensics
13:50 - WinPEAS
15:12 - Registry Query Hunt
15:46 - Malicious .msi Package
16:27 - Malicious Account Creation
17:52 - Malicious CURL Requests
18:43 - Attacker Persistence
19:55 - Password BruteForce
22:32 - Data Exfiltration

Topics Covered:
Incident investigation for malware forensics
Malicious attacker Windows compromise investigation
CURL-based data exfiltration
Malware hunting using Sysmon
