IR Employee Fell for a Call Center - HTB Sherlocks - Tick Tock

00:00 - Introduction
07:50 - Analyzing the files we have
11:45 - Using Impacket to dump local creds
16:28 - Running MFTECmd to process MFT File and Chainsaw to process logs. These take a while
22:15 - Looking at the Prefetch files to see what programs have been run
29:00 - Looking at the Teamviewer log file
38:15 - Looking at the Firefox History to see when they downloaded TeamViewer
46:15 - Looking at the Chainsaw hunt output... Probably not …

call center chainsaw employee file files htb impacket introduction local logs mft prefetch process running tick tick tock tock