Nov. 17, 2023, 11:04 p.m. | IppSec

IppSec www.youtube.com

00:00 - Introduction
01:10 - Going over the questions
03:50 - Examing the forensic acquisition files
07:10 - Dumping the SAM Database to get hashes of the local accounts
12:25 - Running MFTECmd to convert the MFT (Master File Table) Dump to a JSON and CSV
15:35 - Analyzing the IIS Access Log
22:30 - Showing the files the attacker accessed in the Access Log
27:00 - Grabbing the Moveit metasploit script since the useragent hinted at metasploit being ran …

accounts acquisition csv database dumping exploit file files forensic hashes htb introduction investigation json local master mft moveit questions running sam

Information Security Engineers

@ D. E. Shaw Research | New York City

Security Operations Analyst | Connected Technology Group

@ KPMG Australia | Melbourne, Australia

Database Security Engineer Lead, Vice President

@ MUFG | Tampa - 4050 West Boy Scout Blvd.

Consultant, Offensive Security, Cyber Risk

@ Kroll | New Delhi, India

Ethical hacker / Pentester H/F

@ Hifield | Sèvres, France

Digital Trust Cyber Transformation Consultant

@ KPMG India | Mumbai, Maharashtra, India