#shownotes for @gamesatwork_biz #podcast e409 are done, and publication set for tomorrow on https://www.gamesatwork.biz and all your favorite podcast feeds! Topics this week include Spotify’s #WonkaVision #metaverse #AI #GPT #MrsDavis #MicrosoftMesh #SL20B #DiabloIV and more!
🦖Day 92 (THE LAST DAY!) of the @velocidex #velociraptor #ArtifactsOfAutumn series
Artifact: Exchange.Windows.EventLogs.WonkaVision
Link: https://docs.velociraptor.app/exchange/artifacts/pages/windows.eventlogs.wonkavision
----
WonkaVision is a proof of concept (POC) tool to analyze Kerberos tickets and attempt to determine if they are forged (ex. #GoldenTicket), created by @exploitph and @4ndr3w6S.
https://github.com/0xe7/WonkaVision
Presentation:
https://github.com/0xe7/Talks/blob/main/Andrew_Charlie_SANS_Hackfest_2022_revised.pdf
----
This artifact can run WonkaVision, then collect its generated Windows event logs. From the event logs, we can detect potentially forged Kerberos tickets.
----
This concludes the #ArtifactsOfAutumn. Hope you enjoyed it, and thanks for all of the support!
#DFIR
#Forensics
#GoldenTicket
#infosec
#ThreatHunting
#WonkaVision