#investigationpath β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #investigationpath, aggregated by home.social.
-
Investigation Scenario π
A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085
What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.
-
Investigation Scenario π
A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085
What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.
-
Investigation Scenario π
A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085
What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.
-
Investigation Scenario π
A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085
What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.
-
Investigation Scenario π
A host on your network downloaded a file with this SHA256 hash: 9297af5f66486d11540f15b44d4b6beec6ff89dbc4dcdee898db9a7daaa76085
What do you look for to investigate whether the malware infected the host? You can only make two queries -- make them count.
-
Investigation Scenario π
You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.
What do you look for to investigate whether an incident occurred and the extent of its impact?
-
Investigation Scenario π
You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.
What do you look for to investigate whether an incident occurred and the extent of its impact?
-
Investigation Scenario π
You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.
What do you look for to investigate whether an incident occurred and the extent of its impact?
-
Investigation Scenario π
You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.
What do you look for to investigate whether an incident occurred and the extent of its impact?
-
Investigation Scenario π
You've discovered a user workstation with the Chrome Remote Desktop plugin installed. There's no business reason for the user to have this plugin, and they don't recall installing it.
What do you look for to investigate whether an incident occurred and the extent of its impact?
-
Investigation Scenario π
While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".
What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.
-
Investigation Scenario π
While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".
What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.
-
Investigation Scenario π
While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".
What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.
-
Investigation Scenario π
While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".
What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.
-
Investigation Scenario π
While creating new user accounts in Active Directory, you find that several legitimate user accounts with no apparent connection are part of an undocumented group named "test".
What do you look for to investigate whether an incident occurred? Focus on the efficiency of your investigative actions here.
-
Investigation Scenario π
A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.
What do you look for to investigate whether an incident occurred on the corporate network?
-
Investigation Scenario π
A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.
What do you look for to investigate whether an incident occurred on the corporate network?
-
Investigation Scenario π
A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.
What do you look for to investigate whether an incident occurred on the corporate network?
-
Investigation Scenario π
A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.
What do you look for to investigate whether an incident occurred on the corporate network?
-
Investigation Scenario π
A high-level company exec received an email that someone logged into their social media account from a country they were not in. The exec noted that they use the same password in several places.
What do you look for to investigate whether an incident occurred on the corporate network?
-
Investigation Scenario π
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
-
Investigation Scenario π
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
-
Investigation Scenario π
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
-
Investigation Scenario π
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
-
Investigation Scenario π
You believe a Linux server was used as a jump box to pivot into another network segment, but the network traffic would not have crossed a sensor boundary for logging.
What evidence do you look for to prove the belief?
-
Investigation Scenario π
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You run IT for a public high school. A teacher observed a student using AI to generate ideas for accessing the school grading system and reported it.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A user reports their hard drive is full, but they don't know why. While investigating, you find a series of large, password-protected RAR files that the user knows nothing about.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You've discovered a host with multiple instances of Chrome running the --hidden option.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You've discovered a host with multiple instances of Chrome running the --hidden option.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You've discovered a host with multiple instances of Chrome running the --hidden option.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You've discovered a host with multiple instances of Chrome running the --hidden option.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
You've discovered a host with multiple instances of Chrome running the --hidden option.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
Browser history for an HR user shows repeated visits to chat.openai[.]com, followed by creation of C:\Users\chris\AppData\Local\Temp\cleanup[.]ps1. The file is not available, and the hash shows no matches in OSINT resources.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A host on your network executed the command βnetsh wlan show profileβ for the first time.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A host on your network executed the command βnetsh wlan show profileβ for the first time.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A host on your network executed the command βnetsh wlan show profileβ for the first time.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A host on your network executed the command βnetsh wlan show profileβ for the first time.
What do you look for to investigate whether an incident occurred?
-
Investigation Scenario π
A host on your network executed the command βnetsh wlan show profileβ for the first time.
What do you look for to investigate whether an incident occurred?