#artifactsofautumn — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #artifactsofautumn, aggregated by home.social.

  1. 🦖Day 92 (THE LAST DAY!) of the @velocidex #velociraptor #ArtifactsOfAutumn series

    Artifact: Exchange.Windows.EventLogs.WonkaVision

    Link: docs.velociraptor.app/exchange

    ----

    WonkaVision is a proof of concept (POC) tool to analyze Kerberos tickets and attempt to determine if they are forged (ex. #GoldenTicket), created by @exploitph and @4ndr3w6S.

    github.com/0xe7/WonkaVision

    Presentation:
    github.com/0xe7/Talks/blob/mai

    ----

    This artifact can run WonkaVision, then collect its generated Windows event logs. From the event logs, we can detect potentially forged Kerberos tickets.

    ----

    This concludes the #ArtifactsOfAutumn. Hope you enjoyed it, and thanks for all of the support!

    #DFIR
    #Forensics
    #GoldenTicket
    #infosec
    #ThreatHunting
    #WonkaVision