Forensics
Memory Dump
Extract "text" content from a running notepad.exe process
Download procdump.exe (to write the process memory to a dump file) and Volatility (to analyze that dump).
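Added example, not part of the original notes: once procdump.exe has written notepad.exe's memory to a .dmp file, the text from the editor window is stored as UTF-16LE, so an ASCII-only strings pass misses it. The scanner below pulls out both ASCII and UTF-16LE runs; the dump bytes are a constructed stand-in for a real dump file.

```python
import re
from typing import List


def extract_ascii_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return printable ASCII runs of at least min_len characters."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group(0).decode("ascii") for m in pattern.finditer(data)]


def extract_utf16le_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Return printable UTF-16LE runs (each char followed by a 0x00 byte).

    Notepad's edit control holds the document text in this encoding, so
    this is the pass that recovers what the user typed. The regex scans
    every byte offset, so odd-aligned strings are found as well.
    """
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [m.group(0).decode("utf-16-le") for m in pattern.finditer(data)]


def scan_dump_file(path: str, min_len: int = 6) -> List[str]:
    """Read a raw dump (e.g. from procdump.exe) and return UTF-16LE text."""
    with open(path, "rb") as fh:
        return extract_utf16le_strings(fh.read(), min_len)


# Constructed sample standing in for a notepad.exe memory dump: padding,
# an ASCII module path, and the document text stored as UTF-16LE.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"C:\\Windows\\System32\\notepad.exe"
    + b"\xff" * 8
    + "password reminder: rotate svc account".encode("utf-16-le")
    + b"\x00" * 16
)

if __name__ == "__main__":
    print("ASCII:", extract_ascii_strings(SAMPLE_DUMP))
    print("UTF-16LE:", extract_utf16le_strings(SAMPLE_DUMP))
```

On a real dump, `scan_dump_file("notepad.dmp")` replaces the constructed sample; raise `min_len` to cut down noise from short runs.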
Endpoint Analysis
Windows
Start with Network Connections
Looking at shares
Attackers like to have staging systems on the inside of a network: they pull files to one location and then exfiltrate them out.
A host system opening up shares is not a good idea, unlike a file share server, where sharing is expected. Use a host firewall to deny new shares being created.