Application whitelisting is the practice of specifying an index of approved software applications that are permitted to be present and active on a computer system.
During the investigation of a security incident, event log analysis is a key element.
During a forensic analysis of a Windows system, it is often critical to understand when and how a particular process was started.
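As an added example (not code from the original article), the PowerShell below answers the "when and how" question in two situations: for a process that is still running, from WMI/CIM; and for one that has already exited, from Security event 4688 ("A new process has been created"), either in the live Security log or in an exported Security.evtx. The function names, the sample path and the look-back window are assumptions; the 4688 fields are the documented ones, but ParentProcessName only exists on Windows 10 / Server 2016 and later, and CommandLine is empty unless the "Include command line in process creation events" policy is enabled.

```powershell
# Added example, not part of the original post. Assumes "Audit Process Creation"
# is enabled on the system being examined (otherwise no 4688 events exist).

function Get-RunningProcessOrigin {
    # Still-running process: start time, command line, owner and parent from CIM.
    param([Parameter(Mandatory)][int]$ProcessId)
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $p) { throw "No running process with PID $ProcessId" }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    # PID reuse: if the "parent" started after the child, the real parent already
    # exited and another process got its PID. Do not report a false parent.
    if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Name        = $p.Name
        Started     = $p.CreationDate          # Get-CimInstance converts CIM datetime to [datetime]
        CommandLine = $p.CommandLine
        ParentPid   = $p.ParentProcessId
        Parent      = if ($parent) { $parent.Name } else { '<exited>' }
        Owner       = (Invoke-CimMethod -InputObject $p -MethodName GetOwner).User
    }
}

function Get-ProcessCreationHistory {
    # Historical view from Security event 4688, matched on the image name.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ProcessName,   # e.g. 'powershell.exe'
        [string]$Path,                                # exported Security.evtx for offline analysis
        [datetime]$StartTime = (Get-Date).AddDays(-7)  # assumed default look-back window
    )
    $filter = @{ Id = 4688; StartTime = $StartTime }
    if ($Path) { $filter.Path = $Path } else { $filter.LogName = 'Security' }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # The interesting values are in EventData; flatten them into name -> value.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data.NewProcessName -like "*\$ProcessName") {
            [pscustomobject]@{
                Created     = $_.TimeCreated
                Process     = $data.NewProcessName
                ProcessId   = [int]$data.NewProcessId     # logged as hex, e.g. 0x1a2c
                Parent      = $data.ParentProcessName      # Windows 10 / Server 2016 and later only
                ParentPid   = [int]$data.ProcessId         # "Creator Process ID" field
                User        = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
                Elevation   = $data.TokenElevationType     # %%1937 = full (elevated) token
                CommandLine = $data.CommandLine            # needs command-line auditing enabled
            }
        }
    }
}

# Usage (live system, then an exported log from a case folder; path is an assumption):
# Get-RunningProcessOrigin -ProcessId $PID
# Get-ProcessCreationHistory -ProcessName 'cmd.exe' | Sort-Object Created | Format-Table -AutoSize
# Get-ProcessCreationHistory -ProcessName 'cmd.exe' -Path 'C:\case\Security.evtx' -StartTime '2018-01-01'
```

The PID-reuse check in the first function is the caveat that bites most often on live systems: Win32_Process only stores the parent's PID, not its identity, so a parent that exited before the child is routinely reported as some unrelated process. The 4688 record is the reliable source once the process is gone, and its TokenElevationType field tells you whether it ran with an elevated token.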
Microsoft Terminal Services Remote Desktop Protocol (RDP) is a great feature that allows the interactive use or administration of a remote Windows system. However, it can also be used by an attacker with compromised domain credentials to move laterally across the local network.
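An added example (not code from the original article) of what to look for on the host that received the RDP connection: Security event 4624 with LogonType 10 (RemoteInteractive) records the account, the source IP and workstation, and the authentication package for every interactive RDP logon, so a summary of accounts against the sources they arrived from makes lateral movement with stolen domain credentials visible. The function names and the look-back window are assumptions; the XPath filter and the 4624 field names are the documented ones, and the code assumes "Audit Logon" is enabled on the target.

```powershell
# Added example, not part of the original post. Run on the target host, or point
# -Path at an exported Security.evtx from it (the path used below is an assumption).

function Get-RdpLogons {
    [CmdletBinding()]
    param(
        [string]$Path,       # exported Security.evtx; omit to read the live Security log
        [int]$Days = 7       # assumed default look-back window
    )
    $ms = [long]$Days * 86400000
    # Filter server-side: 4624 within the last $Days days whose LogonType is 10 (RDP).
    $xpath = "*[System[EventID=4624 and TimeCreated[timediff(@SystemTime) <= $ms]]" +
             " and EventData[Data[@Name='LogonType']='10']]"

    $events = if ($Path) { Get-WinEvent -Path $Path -FilterXPath $xpath -ErrorAction SilentlyContinue }
              else       { Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue }

    foreach ($e in $events) {
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($x in $xml.Event.EventData.Data) { $d[$x.Name] = $x.'#text' }
        [pscustomobject]@{
            Time         = $e.TimeCreated
            Account      = "$($d.TargetDomainName)\$($d.TargetUserName)"
            SourceIp     = $d.IpAddress
            Workstation  = $d.WorkstationName
            LogonId      = $d.TargetLogonId            # join key to 4634/4647 logoff events
            AuthPackage  = $d.AuthenticationPackageName # Kerberos vs NTLM for a domain account
            LogonProcess = $d.LogonProcessName
        }
    }
}

function Get-RdpSourceSummary {
    # One row per account: how often it logged on over RDP and from which sources.
    # An administrative account arriving from a workstation it never used before,
    # or from many sources in a short window, is the classic lateral-movement sign.
    param([string]$Path, [int]$Days = 7)
    Get-RdpLogons -Path $Path -Days $Days |
        Group-Object Account |
        ForEach-Object {
            [pscustomobject]@{
                Account   = $_.Name
                Logons    = $_.Count
                Sources   = ($_.Group.SourceIp | Sort-Object -Unique) -join ', '
                FirstSeen = ($_.Group.Time | Measure-Object -Minimum).Minimum
                LastSeen  = ($_.Group.Time | Measure-Object -Maximum).Maximum
            }
        }
}

# Usage:
# Get-RdpLogons | Sort-Object Time | Format-Table -AutoSize
# Get-RdpSourceSummary -Path 'C:\case\Security.evtx' -Days 30 | Sort-Object Logons -Descending
```

Two caveats a practitioner will want: a reconnect to an existing disconnected session is logged as 4778 ("session reconnected") rather than a fresh 4624, so an attacker resuming someone else's session will not appear in this list; and the source side of the same movement is recorded on the attacker's foothold host in the Microsoft-Windows-TerminalServices-RDPClient/Operational log, which is worth pulling alongside the target's Security log.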
The security researcher Marius Tivadar has discovered a vulnerability in the Windows NTFS filesystem and published proof-of-concept code on GitHub that can cause a Blue Screen of Death within seconds on most Windows computers.