This log allows us to keep track of what files, registry, and other system components were accessed.
Have you ever wonder what artifacts are generated during a Registry Run Key from a defender point of view? We will find out in this module.
Registry Run Key allow program to run at user login. This can be used for attacker to maintain persistence
In this module, we going explore activity that make process suspicious
This is a cheat sheet of Logon Type in Window Event Log