The DFIR Report (@TheDFIRReport )

The DFIR Report

Bio real intrusions by real attackers, the truth behind the intrusion
Tweets 23
Followers 587
Following 18
Account created 03-04-2020 01:33:43
ID 1245886895458078722

Twitter Web App : H. C:\arvey MISP We didnt see Defender Control during this intrusion and we didnt see any commands run or reg keys created around that time, which leads us to believe it was manually turned off but cant confirm. Heres the log