From Boot to Logon: Windows processes
Recently, I attempted to participate in my first CTF, hosted by the DFIR Report. This experience humbled me and made me realise the knowledge gaps I have, particularly in one area: Windows processes. In this article, I document the normal behaviour of Windows authentication processes and log behaviour in Splunk. What you will read here…