Offensive Tool Analysis
Hunting HackTools with Event IDs
This site summarizes the results of examining the logs that Windows records when each of 49 tools likely to be used by an attacker who has infiltrated a network is executed. The following logs were examined. Note that traces of tool execution were confirmed to be most likely left in event logs; accordingly, examination of event logs is the main focus here.
Analysis of Switches
This page goes into deep detail about the switches of specific hacktools and what they do. It is useful for working out exactly what an adversary's commands were doing.
Hunting for Impacket
A good article on hunting for Impacket execution within your environment.