DFSP # 461 PSEXEC

Digital Forensic Survival Podcast

Release Date: 12/17/2024

This week, we’re diving into how to triage for PSEXEC evidence. PSEXEC leaves traces on both the source and target systems, making it essential to identify artifacts on each to determine whether a system was used as an attacker’s tool or was the target of an attack. While PSEXEC has somewhat fallen out of favor due to increased use of PowerShell for similar activities, it remains a commonly abused utility among attackers. In this episode, we’ll break down the key artifacts and methodologies for effective triage.