Found via cyber-ir.com: This paper is the best I have ever read on how to build IOCs with Windows Event IDs. I highly recommend you to read it; it contains very useful information and some very interesting behavioural examples of attacker activity. If you are looking to enhance your detection in your core network, this is the document!
How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis on Windows Server. In this article I'll give some real-life examples of using these ported GnuWin tools, such as grep.exe, for log file analysis on Windows servers. The article provides three examples as an alternative to LogParser, because finding spam scripts fast is often very important.
Just stumbled upon: Forensic Log Parsing with Microsoft's LogParser. Log Parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.