Learn to balance speed and thoroughness in MDR investigations using Kill Chain analysis and Likelihood vs Impact matrices to make fast, defensible decisions under pressure.
Microsoft SQL Server forensics and threat hunting guide covering registry paths, log locations, attack indicators, and configuration analysis for compromised SQL Server instances.
An investigation uncovered three distinct incidents in which threat actors weaponized Velociraptor, a legitimate DFIR tool, for persistent command-and-control access. Attackers exploited SharePoint and WSUS vulnerabilities, installed Velociraptor as a Windows service communicating through Cloudflare tunnels, and deployed secondary tools including VS Code, OpenSSH, and TightVNC. One incident, linked to Storm-2603, resulted in Warlock ransomware deployment.
Key Windows Registry locations for persistence mechanisms, user activity traces, and IOC hunting in malware analysis and forensic investigations for DFIR professionals.
Critical Windows event IDs, logon types, and log locations for threat hunting and incident response, including Security.evtx, PowerShell logs, and Chainsaw analysis techniques.