Learn how to pull reports remotely and gather information about a security incident or suspect behavior with almost no setup and a single mouse click.
You think your Windows endpoint is infected, or you suspect inappropriate behavior. Now what? Is it disconnected from the network? Is it safe to turn it back on? Let's find out with open source tools in this workshop. In the first half we will dive into the file system, go over some ways that attackers can infect endpoints, and learn how we can find indicators of compromise on a suspect system. In the second half, we will use free and open source tools to complete a mini CTF, applying what we learned to find out if, how, and when we have been compromised in this Windows-focused workshop.