Offensive Tool Analysis
This site summarizes the results of examining the logs recorded in Windows upon execution of 49 tools that are likely to be used by an attacker who has infiltrated a network. The following logs were examined. Note that it was confirmed that traces of tool execution are most likely to be left in event logs. Accordingly, examination of event logs is the main focus here.
This page goes into deep detail about the switches of specific hacktools and what they do. It is useful for figuring out exactly what adversary commands were doing.
Good article on hunting for Impacket execution within your environment.