Learning Objectives Understand the advantages and goals of PCAP AnalysisHow to pivot into and away from PCAP Analysis (how to use findings for quicker analysis)Common tools to useHow data reduction aids in investigations Common Tools SnortTcpdumpWireSharkTShark Tools Covered Here SnortTcpdumpWireshark Notes Keep solid notes on your thinking around evidence and …Read More »
How to Allow Multiple RDP Sessions in Windows 10 and 11?
Remote users can connect to their Windows 10 and 11 computers via the Remote Desktop Services (RDP). It is enough to enable RDP in the device settings and connect to the computer using any Remote Desktop client. But there is a restriction on the number of simultaneous RDP sessions – …Read More »
RDP Authentication Artifacts for DFIR Purpose
A good detection technique to spot Remote Desktop Connections that are exposed to the internet is to scan RDP event logs for any events where the source IP is a non-RFC 1918 address. This provides you a good way to check for locations that may be port forwarding RDP, like …Read More »