Finding Forensic Goodness In Obscure Windows Event Logs

Event Viewer

Microsoft-Windows-Shell-Core/Operational

Microsoft-Windows-WinINet-Config/ProxyConfigChanged

Microsoft-Windows-VHDMP-Operational

OAlerts (Office Alerts)

Microsoft-Windows-WLAN-AutoConfig/Operational

Microsoft-Windows-Winlogon/Operational

Microsoft-Windows-Windows Firewall With Advanced Security/Firewall

Microsoft-Windows-UniversalTelemetryClient/Operational

Microsoft-Windows-Security-Mitigations/KernelMode

Conclusion
