Tag: Microsoft

Dfir

Windows Command Line cheatsheet (part 2): WMIC

This command-line tool is really useful for both penetration testing and forensics tasks. The previous article raised readers' interest in WMIC, so I decided to write an article dedicated to this tool. If you’ve done any scripting for the Windows platform, you’ve probably bumped into the Windows Management Instrumentation (WMI) scripting API, which can […]

Dfir

Detecting Lateral Movement through tracking Windows Events

Research by the Japan Computer Emergency Response Team. With “lateral movement” we identify the techniques that enable an adversary to access and control remote systems on a network: an attacker can use lateral movement for many purposes, including remote execution of tools, pivoting to additional systems, access to specific information or files, access to additional […]