Hello Reader,
Tonight we just had a short testing session (8 minutes of actual testing) were we checked in on last nights test. Here is what we learned:
Tonight we just had a short testing session (8 minutes of actual testing) were we checked in on last nights test. Here is what we learned:
- The time delay did not effect our results
- A shutdown/power on did not add a new entries
- The registry explorer and hasher entries still had no hash
- We still saw no entries for the other mimikatz executables
On the next broadcast we will be testing the same behavior in Windows 7 and parsing the whole MFT and Syscache rather than individual records to make sure we aren't missing anything.
You can watch the video here:
Also Read: Daily Blog #598
Post a Comment