home.social

#investigationpath β€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #investigationpath, aggregated by home.social.

  1. Investigation Scenario πŸ”Ž

    A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085

    What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.

    #InvestigationPath #DFIR #SOC

  2. Investigation Scenario πŸ”Ž

    A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085

    What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.

    #InvestigationPath #DFIR #SOC

  3. Investigation Scenario πŸ”Ž

    A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085

    What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.

    #InvestigationPath #DFIR #SOC

  4. Investigation Scenario πŸ”Ž

    A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085

    What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.

    #InvestigationPath #DFIR #SOC

  5. Investigation Scenario πŸ”Ž

    A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085

    What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.

    #InvestigationPath #DFIR #SOC

  6. Investigation Scenario πŸ”Ž

    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.

    What do you look for to investigate whether an incident occurred and the extent of its impact?

    #InvestigationPath #DFIR #SOC

  7. Investigation Scenario πŸ”Ž

    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.

    What do you look for to investigate whether an incident occurred and the extent of its impact?

    #InvestigationPath #DFIR #SOC

  8. Investigation Scenario πŸ”Ž

    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.

    What do you look for to investigate whether an incident occurred and the extent of its impact?

    #InvestigationPath #DFIR #SOC

  9. Investigation Scenario πŸ”Ž

    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.

    What do you look for to investigate whether an incident occurred and the extent of its impact?

    #InvestigationPath #DFIR #SOC

  10. Investigation Scenario πŸ”Ž

    You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.

    What do you look for to investigate whether an incident occurred and the extent of its impact?

    #InvestigationPath #DFIR #SOC

  11. Investigation Scenario πŸ”Ž

    While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".

    What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.

    #InvestigationPath #DFIR #SOC

  12. Investigation Scenario πŸ”Ž

    While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".

    What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.

    #InvestigationPath #DFIR #SOC

  13. Investigation Scenario πŸ”Ž

    While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".

    What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.

    #InvestigationPath #DFIR #SOC

  14. Investigation Scenario πŸ”Ž

    While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".

    What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.

    #InvestigationPath #DFIR #SOC

  15. Investigation Scenario πŸ”Ž

    While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".

    What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.

    #InvestigationPath #DFIR #SOC

  16. Investigation Scenario πŸ”Ž

    A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.

    What do you look for to investigate whether an incident occurred on the corporate network?

    #InvestigationPath #DFIR #SOC

  17. Investigation Scenario πŸ”Ž

    A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.

    What do you look for to investigate whether an incident occurred on the corporate network?

    #InvestigationPath #DFIR #SOC

  18. Investigation Scenario πŸ”Ž

    A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.

    What do you look for to investigate whether an incident occurred on the corporate network?

    #InvestigationPath #DFIR #SOC

  19. Investigation Scenario πŸ”Ž

    A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.

    What do you look for to investigate whether an incident occurred on the corporate network?

    #InvestigationPath #DFIR #SOC

  20. Investigation Scenario πŸ”Ž

    A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.

    What do you look for to investigate whether an incident occurred on the corporate network?

    #InvestigationPath #DFIR #SOC

  21. Investigation Scenario πŸ”Ž

    You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.

    What evidence do you look for to prove the belief?

    #InvestigationPath #DFIR #SOC

  22. Investigation Scenario πŸ”Ž

    You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.

    What evidence do you look for to prove the belief?

    #InvestigationPath #DFIR #SOC

  23. Investigation Scenario πŸ”Ž

    You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.

    What evidence do you look for to prove the belief?

    #InvestigationPath #DFIR #SOC

  24. Investigation Scenario πŸ”Ž

    You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.

    What evidence do you look for to prove the belief?

    #InvestigationPath #DFIR #SOC

  25. Investigation Scenario πŸ”Ž

    You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.

    What evidence do you look for to prove the belief?

    #InvestigationPath #DFIR #SOC

  26. Investigation Scenario πŸ”Ž

    You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  27. Investigation Scenario πŸ”Ž

    You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  28. Investigation Scenario πŸ”Ž

    You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  29. Investigation Scenario πŸ”Ž

    You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  30. Investigation Scenario πŸ”Ž

    You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  31. Investigation Scenario πŸ”Ž

    A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  32. Investigation Scenario πŸ”Ž

    A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  33. Investigation Scenario πŸ”Ž

    A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  34. Investigation Scenario πŸ”Ž

    A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  35. Investigation Scenario πŸ”Ž

    A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  36. Investigation Scenario πŸ”Ž

    You've discovered a host with multiple instances of Chrome running the --hidden option.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  37. Investigation Scenario πŸ”Ž

    You've discovered a host with multiple instances of Chrome running the --hidden option.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  38. Investigation Scenario πŸ”Ž

    You've discovered a host with multiple instances of Chrome running the --hidden option.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  39. Investigation Scenario πŸ”Ž

    You've discovered a host with multiple instances of Chrome running the --hidden option.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  40. Investigation Scenario πŸ”Ž

    You've discovered a host with multiple instances of Chrome running the --hidden option.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  41. Investigation Scenario πŸ”Ž

    Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  42. Investigation Scenario πŸ”Ž

    Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  43. Investigation Scenario πŸ”Ž

    Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  44. Investigation Scenario πŸ”Ž

    Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  45. Investigation Scenario πŸ”Ž

    Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  46. Investigation Scenario πŸ”Ž

    A host on your network executed the command β€œnetsh wlan show profile” for the first time.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  47. Investigation Scenario πŸ”Ž

    A host on your network executed the command β€œnetsh wlan show profile” for the first time.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  48. Investigation Scenario πŸ”Ž

    A host on your network executed the command β€œnetsh wlan show profile” for the first time.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  49. Investigation Scenario πŸ”Ž

    A host on your network executed the command β€œnetsh wlan show profile” for the first time.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC

  50. Investigation Scenario πŸ”Ž

    A host on your network executed the command β€œnetsh wlan show profile” for the first time.

    What do you look for to investigate whether an incident occurred?

    #InvestigationPath #DFIR #SOC