ChadT
Reconnaissance Detection (Blue Team)
As we move through this Red Team vs. Blue Team series, our intent is to provide insight into both sides of the struggle. That said, detecting reconnaissance activity is something that few blue teams s[…]
Investigating PowerShell: Command and Script Logging
PowerShell is becoming ubiquitous in the Microsoft ecosystem, and, while it simplifies administration, it opens up a nearly unprecedented suite of capabilities for attackers. Nearly every malicious ac[…]
Registry Analysis with CrowdResponse
The third release of the free CrowdResponse incident response collection tool is now available! This time around we include plugins that facilitate the collection of Windows registry data. Our inspira[…]
Mo' Shells Mo' Problems - Web Server Log Analysis
Disclaimer: CrowdStrike derived this information from investigations in unclassified environments. Since we value our clients’ privacy and interests, some data has been redacted or sanitized. Web shel[…]