
🪟 Windows Artefacts

🏺 LSA

*This article centres around the crowned queen of the Windows kingdom: LSA (lsass.exe), a darling among attackers for the sheer power it wields.*

Windows Backups

Shadow Copies are the pieces of data that get saved on disk when the System Restore option is enabled. When a restore is triggered, these files return the system to its previous state. This is very useful when you are not a PC expert and something weird is happening. However, ordinary users are not the only ones who find this feature useful: attackers may try to cover their tracks, and that can sometimes be undone with this feature.

🏞️ Thumbnails

*These are created when a user switches a folder to thumbnail mode or views pictures via a slide show.*

🗑️ Recycle Bin

This is about … .

🫱🏽‍🫲🏾 Shares

Admins would get mad very quickly if they had to physically access every machine they needed to configure or patch. Admin shares are hidden folders meant to be accessed remotely, typically over SMB.

🏺 Accounts

To carry out nearly any action on a system, one requires an account, which is typically safeguarded by passwords or other credentials. Hence, it is crucial to understand why attackers exhibit such a strong interest in acquiring them.

🏺 Cache

This is about … .

🏺 LNK files

This is about … .

🏺 Credentials

This article is about credentials, the keys to the realm.

🏺 ADS

This is about … .