Detecting PsExec Usage
In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all!
** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. **
📖 Chapters
00:00 - Intro
03:03 - Demo 1
05:09 - Event Log Analysis 1
09:01 - Demo 2
09:56 - Event Log Analysis 2
10:56 - Shimcache Analysis
15:46 - The Key to Identify PsExec
17:55 - Prefetch Analysis
21:38 - Recap
🛠 Resources
The Key to Identify PsExec:
https://dfirdominican.com/the-key-to-...
Prefetch Deep Dive:
• Prefetch Deep Dive
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
Watch video Detecting PsExec Usage online without registration, duration hours minute second in high quality. This video was added by user 13Cubed 10 July 2023, don't forget to share it with your friends and acquaintances, it has been viewed on our site 11,51 once and liked it 34 people.