Posts tagged: dfir
3 posts
January 9, 2026
HTB Sherlock - MangoBleed
DFIR analysis of a compromised MongoDB server to investigate MangoBleed vulnerability exploitation, identify attacker activity, and perform rapid triage analysis of collected artifacts.
Read More → November 21, 2025
HTB Sherlock - Unit 42: Sysmon Log Analysis & UltraVNC Intrusion Detection
DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.
Read More → January 22, 2025
System Monitor (Sysmon)
System Monitor (Sysmon) is a Windows system service and device driver that monitors and logs system activity to the Windows event log, providing detailed information about process creation, network connections, and file changes.
Read More →