Posts tagged: malware-analysis

HTB Sherlock - Unit 42: Sysmon Log Analysis & UltraVNC Intrusion Detection

DFIR analysis of Sysmon logs to detect and investigate an UltraVNC-based intrusion campaign, focusing on file creation events, process execution, and network indicators.