Post IR Investigation - MoveIT Exploit - HTB Sherlocks - I Like To

00:00 - Introduction
01:10 - Going over the questions
03:50 - Examing the forensic acquisition files
07:10 - Dumping the SAM Database to get hashes of the local accounts
12:25 - Running MFTECmd to convert the MFT (Master File Table) Dump to a JSON and CSV
15:35 - Analyzing the IIS Access Log
22:30 - Showing the files the attacker accessed in the Access Log
27:00 - Grabbing the Moveit metasploit script since the useragent hinted at metasploit being ran …

accounts acquisition csv database dumping exploit file files forensic hashes htb introduction investigation json local master mft moveit questions running sam