- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Windows Event Logs — Security | Artifact of the Day
This one log file proves who broke into your network.
Artifact of the Day | DFIR Media
• You find suspicious logins at 3am. Where's the proof?
• Security.evtx holds every authentication attempt on Windows systems.
• Event 4624 shows successful logins. Event 4625 reveals failed attempts.
• Logon Type 10 means RDP. Type 3 is network access.
• Event 4688 with command-line logging exposes every process the attacker ran.
• Parse it fast with Hayabusa, Chainsaw, or EvtxECmd.
AI-generated narration | DFIR Media
Видео Windows Event Logs — Security | Artifact of the Day канала DFIR Lab
Artifact of the Day | DFIR Media
• You find suspicious logins at 3am. Where's the proof?
• Security.evtx holds every authentication attempt on Windows systems.
• Event 4624 shows successful logins. Event 4625 reveals failed attempts.
• Logon Type 10 means RDP. Type 3 is network access.
• Event 4688 with command-line logging exposes every process the attacker ran.
• Parse it fast with Hayabusa, Chainsaw, or EvtxECmd.
AI-generated narration | DFIR Media
Видео Windows Event Logs — Security | Artifact of the Day канала DFIR Lab
Комментарии отсутствуют
Информация о видео
27 мая 2026 г. 19:43:03
00:00:35
Другие видео канала
AI Detection Rule Generation
AI Detection Rule Generation
.bash_history and Shell History | Artifact of the Day
Linux Crontab Entries | Artifact of the Day
AI Alert Triage
Ransomware Response Playbook | IR Playbook
T1070 — Indicator Removal | MITRE Spotlight
BITS Jobs (Background Intelligent Transfer Service) | Artifact of the Day
T1190 — Exploit Public-Facing Application | MITRE Spotlight
PCAP Files | Artifact of the Day
SRUM — System Resource Usage Monitor | Artifact of the Day
macOS Unified Logs | Artifact of the Day
Volume Shadow Copies (VSS) | Artifact of the Day
macOS KnowledgeC.db | Artifact of the Day
Cobalt Strike Beacon Detection Patterns | Detection Rule Friday
Shellbags | Artifact of the Day
PCAP Files | Artifact of the Day
Attack Surface Scan
Memory Forensics — Process Listing | Artifact of the Day
Service Installation from Unusual Directories | Detection Rule Friday
Google Safe Browsing Check
