https://bluecapesecurity.com/courses/free-emotet-maldoc-analysis/lessons/emotet-maldoc-analysis/topic/maldocs-emotet-word-document-analysis/2022-03-16T12:56:15-07:00https://bluecapesecurity.com/courses/free-emotet-maldoc-analysis/lessons/emotet-maldoc-analysis/topic/emotet-vba-code-analysis/2024-03-12T22:35:11-07:00https://bluecapesecurity.com/courses/free-emotet-maldoc-analysis/lessons/emotet-maldoc-analysis/topic/emotet-maldoc-demonstration/2024-04-04T12:12:19-07:00https://bluecapesecurity.com/topic/welcome/2023-09-05T17:46:10-07:00https://bluecapesecurity.com/topic/build-your-windows-lab/2023-09-07T14:37:34-07:00https://bluecapesecurity.com/topic/1-2-living-off-the-land-tools/2023-02-06T17:01:45-08:00https://bluecapesecurity.com/topic/2-1-credential-dumping-attacks/2023-02-07T17:29:38-08:00https://bluecapesecurity.com/topic/2-2-remote-authentication-attacks/2023-02-07T17:30:08-08:00https://bluecapesecurity.com/topic/3-1-windows-internals-splunk-analysis/2023-02-28T14:02:45-08:00https://bluecapesecurity.com/topic/4-1-data-collections/2023-03-08T09:06:52-08:00https://bluecapesecurity.com/topic/4-2-memory-analysis/2023-03-21T19:58:45-07:00https://bluecapesecurity.com/topic/4-3-disk-analysis/2023-03-29T12:15:58-07:00https://bluecapesecurity.com/topic/4-4-malware-analysis/2023-03-29T12:17:45-07:00https://bluecapesecurity.com/topic/6-1-ransomware-attack-simulation/2023-04-04T16:00:21-07:00https://bluecapesecurity.com/topic/6-2-ransomware-attack-investigation/2023-04-19T09:01:04-07:00https://bluecapesecurity.com/topic/7-8-apts-threat-intel-and-threat-hunting/2023-04-26T09:06:57-07:00https://bluecapesecurity.com/topic/9-cloud-incident-response/2023-05-03T12:35:29-07:00https://bluecapesecurity.com/topic/10-incident-response-management/2023-05-03T12:36:30-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/welcome-to-practical-windows-forensics/topic/welcome-and-course-introduction/2023-07-06T07:03:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/3-data-collection-process/topic/forensic-process-overview/2023-07-06T07:21:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/3-data-collection-process/topic/target-system-containment/2023-06-14T11:32:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/3-data-collection-process/topic/memory-acquisition-of-the-target-system/2024-05-29T15:54:45-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/3-data-collection-process/topic/disk-acquisition-of-the-target-system/2023-07-06T07:23:25-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/4-examination-of-the-forensic-data/topic/data-examination-process-overview/2023-07-06T07:23:59-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/4-examination-of-the-forensic-data/topic/mounting-the-disk-image-with-arsenal-image-mounter/2023-07-06T07:24:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/4-examination-of-the-forensic-data/topic/overview-of-windows-files-and-forensic-artifacts/2023-07-06T07:24:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/4-examination-of-the-forensic-data/topic/creating-a-triage-data-collection-with-kape/2023-07-06T07:24:32-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-disk-analysis-introduction/topic/sources-of-evidence-and-disk-analysis-process-overview/2023-06-13T21:37:28-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-disk-analysis-introduction/topic/notes-taking-and-course-materials/2023-07-06T07:53:28-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/windows-registry-overview/2023-07-06T07:54:35-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/exploring-the-registry-with-registry-explorer/2023-06-13T21:37:13-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/gathering-system-information-with-regripper/2023-07-06T07:54:53-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/regripper-analysis-continued/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/parsing-registry-hives-in-bulk-with-regripper/2023-07-06T08:00:14-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/user-accounts-and-sids-overview/2023-07-06T08:00:27-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-1-windows-registry-analysis/topic/analysis-of-user-accounts-groups-and-profiles/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-2-user-behavior-analysis/topic/user-behavior-analysis-overview/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-2-user-behavior-analysis/topic/userassist-analysis/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-2-user-behavior-analysis/topic/recentdocs-analysis/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-2-user-behavior-analysis/topic/shellbags-analysis/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-3-overview-of-disk-structures-partitions-and-file-systems/topic/what-is-a-file-system/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-3-overview-of-disk-structures-partitions-and-file-systems/topic/exploring-disk-structures-and-the-ntfs/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-4-analysis-of-the-master-file-table-mft/topic/overview-of-mft-records/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-4-analysis-of-the-master-file-table-mft/topic/analysis-of-mft-records-with-mftecmd/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-4-analysis-of-the-master-file-table-mft/topic/mft-parsing-and-in-depth-analysis-with-mftecmd/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-4-analysis-of-the-master-file-table-mft/topic/file-timestamps-and-the-macb-timestamp-format/2023-07-06T08:01:42-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-4-analysis-of-the-master-file-table-mft/topic/investigating-file-timestomping/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-5-finding-evidence-of-deleted-files-with-usn-journal-analysis/topic/how-can-we-find-evidence-of-deleted-files/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-5-finding-evidence-of-deleted-files-with-usn-journal-analysis/topic/analyzing-the-usn-journal-for-deleted-files/2023-06-13T21:37:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/execution-artifacts-introduction/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/analyzing-the-background-activity-moderator-bam/2023-07-06T08:03:58-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/analysis-of-the-application-compatibility-cache-shimcache/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/overview-of-the-amcache/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/analyzing-the-amcache-with-amcacheparser/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/bonus-amcache-in-depth-analysis-and-why-scheduled-tasks-matter/2023-07-06T08:04:25-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/windows-prefetch-analysis-with-pecmd/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-6-analyzing-evidence-of-program-execution/topic/windows-prefetch-timeline-analysis/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-7-finding-evidence-of-persistence-mechanisms/topic/analyzing-windows-run-keys-with-registry-explorer-and-regripper/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-7-finding-evidence-of-persistence-mechanisms/topic/how-to-find-evidence-of-persistence-in-startup-folders/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-7-finding-evidence-of-persistence-mechanisms/topic/windows-services-overview-and-analysis/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-7-finding-evidence-of-persistence-mechanisms/topic/detecting-and-analyzing-malicious-scheduled-tasks/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-7-finding-evidence-of-persistence-mechanisms/topic/persistence-mechanisms-analysis-with-sysinternals-autoruns/2023-07-06T08:05:06-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/analyzing-windows-event-logs-with-eventlogexplorer-and-evtxecmd/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/windows-defender-event-log-analysis/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/analyzing-service-installs-using-the-system-event-log/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/security-event-log-and-authentication-events/2023-07-06T08:06:00-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/authentication-events-and-logon-ids/2023-07-06T08:06:31-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/powershell-event-logs-overview/2023-06-13T21:36:57-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/analyzing-malicious-powershell-events/2023-07-06T08:06:53-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/overview-of-the-sysmon-event-log-and-relevant-event-ids/2023-07-06T08:07:14-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/detecting-malicious-events-in-sysmon-event-logs/2023-07-06T08:07:33-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/setting-up-volatility3-in-the-ubuntu-environment/2023-07-06T08:08:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/important-files-for-memory-analysis/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/gathering-windows-system-information-with-volatility3/2023-07-06T08:08:39-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/detecting-suspicious-windows-processes/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/dumping-processes-from-the-memory/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/detecting-and-analyzing-injected-dlls/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/identifying-process-owners-and-associated-sids/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/6-windows-memory-analysis/topic/detecting-and-analyzing-malicious-registry-key-entries-from-memory/2023-07-06T08:09:20-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/super-timeline-analysis-process-and-important-requirements/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/preparing-tools-and-converting-the-disk-image-with-qemu/2023-07-06T08:09:58-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/memory-timeline-creation-with-volatility3/2023-07-06T08:11:30-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/creating-a-timeline-of-the-disk-image-with-plaso-tools-and-log2timeline/2023-07-06T08:11:58-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/merging-timelines-with-mactime-parser-and-creating-a-super-timeline/2023-07-06T08:12:52-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/super-timeline-overview-with-timeline-explorer/2023-07-06T08:13:14-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/7-kitchen-sink-analysis-with-super-timelines/topic/analyzing-malicious-activity-using-the-super-timeline/2023-07-06T08:13:34-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/8-reporting/topic/considerations-and-reporting-types/2023-06-13T21:36:21-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/9-final/topic/wrap-up-and-next-steps/2023-07-06T08:20:29-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis/topic/windows-event-logs-overview/2023-07-06T08:05:33-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/welcome-to-practical-windows-forensics/topic/resoures-and-materials-overview/2023-07-06T08:23:16-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/welcome-to-practical-windows-forensics/topic/pwf-course-roadmap/2023-07-06T08:24:26-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-lab-overview/topic/lab-setup-overview/2023-06-14T11:40:45-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/build-your-forensic-workstation-tutorial-and-downloads/2025-01-14T16:24:38-08:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/virtualbox-and-windows-2019-vm-installation/2025-01-14T16:34:47-08:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/wsl-and-ubuntu-installation-on-windows-2019-server/2023-07-06T07:10:39-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/wsl-and-ubuntu-installation-on-windows-10-alternative/2023-07-06T07:10:52-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/forensic-workstation-windows-configuration/2023-06-14T11:35:25-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-1-setting-up-your-forensic-workstation/topic/downloading-and-installing-forensic-tools/2024-08-05T09:38:43-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-2-prepare-your-target-system/topic/download-and-install-the-windows-10-vm/2025-01-14T16:51:08-08:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-2-prepare-your-target-system/topic/target-system-configuration-and-attack-script-preparation/2023-07-06T07:16:14-07:00https://bluecapesecurity.com/courses/practical-windows-forensics/lessons/2-2-prepare-your-target-system/topic/execute-the-attack-script-on-the-target-system/2023-07-06T07:20:22-07:00https://bluecapesecurity.com/topic/welcome-and-course-introduction-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/resoures-and-materials-overview-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/pwf-course-roadmap-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/lab-setup-overview-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/build-your-forensic-workstation-tutorial-and-downloads-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/virtualbox-and-windows-2019-vm-installation-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/wsl-and-ubuntu-installation-on-windows-2019-server-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/wsl-and-ubuntu-installation-on-windows-10-alternative-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/forensic-workstation-windows-configuration-2/2023-07-10T05:45:36-07:00https://bluecapesecurity.com/topic/downloading-and-installing-forensic-tools-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/download-and-install-the-windows-10-vm-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/target-system-configuration-and-attack-script-preparation-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/execute-the-attack-script-on-the-target-system-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/forensic-process-overview-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/target-system-containment-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/memory-acquisition-of-the-target-system-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/disk-acquisition-of-the-target-system-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/data-examination-process-overview-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/mounting-the-disk-image-with-arsenal-image-mounter-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/overview-of-windows-files-and-forensic-artifacts-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/creating-a-triage-data-collection-with-kape-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/sources-of-evidence-and-disk-analysis-process-overview-2/2023-07-10T05:45:37-07:00https://bluecapesecurity.com/topic/notes-taking-and-course-materials-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/windows-registry-overview-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/exploring-the-registry-with-registry-explorer-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/gathering-system-information-with-regripper-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/regripper-analysis-continued-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/parsing-registry-hives-in-bulk-with-regripper-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/user-accounts-and-sids-overview-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/analysis-of-user-accounts-groups-and-profiles-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/user-behavior-analysis-overview-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/userassist-analysis-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/recentdocs-analysis-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/shellbags-analysis-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/what-is-a-file-system-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/exploring-disk-structures-and-the-ntfs-2/2023-07-10T05:45:38-07:00https://bluecapesecurity.com/topic/overview-of-mft-records-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analysis-of-mft-records-with-mftecmd-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/mft-parsing-and-in-depth-analysis-with-mftecmd-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/file-timestamps-and-the-macb-timestamp-format-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/investigating-file-timestomping-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/how-can-we-find-evidence-of-deleted-files-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analyzing-the-usn-journal-for-deleted-files-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/execution-artifacts-introduction-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analyzing-the-background-activity-moderator-bam-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analysis-of-the-application-compatibility-cache-shimcache-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/overview-of-the-amcache-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analyzing-the-amcache-with-amcacheparser-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/bonus-amcache-in-depth-analysis-and-why-scheduled-tasks-matter-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/windows-prefetch-analysis-with-pecmd-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/windows-prefetch-timeline-analysis-2/2023-07-10T05:45:39-07:00https://bluecapesecurity.com/topic/analyzing-windows-run-keys-with-registry-explorer-and-regripper-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/how-to-find-evidence-of-persistence-in-startup-folders-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/windows-services-overview-and-analysis-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/detecting-and-analyzing-malicious-scheduled-tasks-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/persistence-mechanisms-analysis-with-sysinternals-autoruns-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/windows-event-logs-overview-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/analyzing-windows-event-logs-with-eventlogexplorer-and-evtxecmd-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/windows-defender-event-log-analysis-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/analyzing-service-installs-using-the-system-event-log-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/security-event-log-and-authentication-events-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/authentication-events-and-logon-ids-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/powershell-event-logs-overview-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/analyzing-malicious-powershell-events-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/overview-of-the-sysmon-event-log-and-relevant-event-ids-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/detecting-malicious-events-in-sysmon-event-logs-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/setting-up-volatility3-in-the-ubuntu-environment-2/2023-07-10T05:45:40-07:00https://bluecapesecurity.com/topic/important-files-for-memory-analysis-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/gathering-windows-system-information-with-volatility3-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/detecting-suspicious-windows-processes-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/dumping-processes-from-the-memory-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/detecting-and-analyzing-injected-dlls-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/identifying-process-owners-and-associated-sids-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/detecting-and-analyzing-malicious-registry-key-entries-from-memory-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/super-timeline-analysis-process-and-important-requirements-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/preparing-tools-and-converting-the-disk-image-with-qemu-2/2023-07-12T11:40:22-07:00https://bluecapesecurity.com/topic/memory-timeline-creation-with-volatility3-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/creating-a-timeline-of-the-disk-image-with-plaso-tools-and-log2timeline-2/2023-07-12T11:40:00-07:00https://bluecapesecurity.com/topic/merging-timelines-with-mactime-parser-and-creating-a-super-timeline-2/2023-07-12T11:40:05-07:00https://bluecapesecurity.com/topic/super-timeline-overview-with-timeline-explorer-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/analyzing-malicious-activity-using-the-super-timeline-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/considerations-and-reporting-types-2/2023-07-10T05:45:41-07:00https://bluecapesecurity.com/topic/wrap-up-and-next-steps-2/2023-07-10T05:45:42-07:00https://bluecapesecurity.com/topic/1-3-living-off-the-land-attacks/2023-10-11T15:03:05-07:00https://bluecapesecurity.com/topic/1-1-splunk-installation/2023-09-07T14:44:54-07:00https://bluecapesecurity.com/topic/1-2-velociraptor-installation/2023-09-07T14:52:14-07:00https://bluecapesecurity.com/topic/4-1-data-collection/2023-09-06T15:02:40-07:00https://bluecapesecurity.com/topic/windows-credential-dumping-attacks/2023-09-06T15:15:38-07:00https://bluecapesecurity.com/topic/2-1-windows-credential-dumping-attacks/2023-10-11T16:38:11-07:00https://bluecapesecurity.com/topic/2-2-remote-authentication-attacks-2/2023-09-15T16:32:52-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/welcome-to-practical-windows-forensics-3/topic/welcome-and-course-introduction-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/resoures-and-materials-overview-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/welcome-to-practical-windows-forensics-3/topic/pwf-course-roadmap-3/2023-11-16T14:18:00-08:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/2-online-lab-instructions/topic/lab-setup-overview-3/2025-08-26T14:50:45-07:00https://bluecapesecurity.com/topic/build-your-forensic-workstation-tutorial-and-downloads-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/virtualbox-and-windows-2019-vm-installation-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/wsl-and-ubuntu-installation-on-windows-2019-server-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/wsl-and-ubuntu-installation-on-windows-10-alternative-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/forensic-workstation-windows-configuration-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/downloading-and-installing-forensic-tools-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/target-system-configuration-and-attack-script-preparation-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/topic/execute-the-attack-script-on-the-target-system-3/2023-09-17T21:25:07-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/3-data-collection-process-3/topic/forensic-process-overview-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/3-data-collection-process-3/topic/data-collection-options/2023-09-21T17:25:25-07:00https://bluecapesecurity.com/topic/memory-acquisition-of-the-target-system-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/topic/disk-acquisition-of-the-target-system-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/4-examination-of-the-forensic-data-3/topic/data-examination-process-overview-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/4-examination-of-the-forensic-data-3/topic/mounting-the-disk-image-with-arsenal-image-mounter-3/2024-11-22T22:03:04-08:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/4-examination-of-the-forensic-data-3/topic/overview-of-windows-files-and-forensic-artifacts-3/2023-09-18T10:37:03-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/4-examination-of-the-forensic-data-3/topic/creating-a-triage-data-collection-with-kape-3/2023-09-21T19:38:19-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-disk-analysis-introduction-3/topic/sources-of-evidence-and-disk-analysis-process-overview-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-disk-analysis-introduction-3/topic/notes-taking-and-course-materials-3/2025-08-31T15:16:30-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/windows-registry-overview-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/exploring-the-registry-with-registry-explorer-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/gathering-system-information-with-regripper-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/regripper-analysis-continued-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/parsing-registry-hives-in-bulk-with-regripper-3/2023-11-15T15:17:50-08:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/user-accounts-and-sids-overview-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-1-windows-registry-analysis-3/topic/analysis-of-user-accounts-groups-and-profiles-3/2023-09-17T21:25:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-2-user-behavior-analysis-3/topic/user-behavior-analysis-overview-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-2-user-behavior-analysis-3/topic/userassist-analysis-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-2-user-behavior-analysis-3/topic/recentdocs-analysis-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-2-user-behavior-analysis-3/topic/shellbags-analysis-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-3-overview-of-disk-structures-partitions-and-file-systems-3/topic/what-is-a-file-system-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-3-overview-of-disk-structures-partitions-and-file-systems-3/topic/exploring-disk-structures-and-the-ntfs-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-4-analysis-of-the-master-file-table-mft-3/topic/overview-of-mft-records-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-4-analysis-of-the-master-file-table-mft-3/topic/analysis-of-mft-records-with-mftecmd-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-4-analysis-of-the-master-file-table-mft-3/topic/mft-parsing-and-in-depth-analysis-with-mftecmd-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-4-analysis-of-the-master-file-table-mft-3/topic/file-timestamps-and-the-macb-timestamp-format-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-4-analysis-of-the-master-file-table-mft-3/topic/investigating-file-timestomping-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-5-finding-evidence-of-deleted-files-with-usn-journal-analysis-3/topic/how-can-we-find-evidence-of-deleted-files-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-5-finding-evidence-of-deleted-files-with-usn-journal-analysis-3/topic/analyzing-the-usn-journal-for-deleted-files-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/execution-artifacts-introduction-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/analyzing-the-background-activity-moderator-bam-3/2023-09-17T21:25:09-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/analysis-of-the-application-compatibility-cache-shimcache-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/overview-of-the-amcache-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/analyzing-the-amcache-with-amcacheparser-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/bonus-amcache-in-depth-analysis-and-why-scheduled-tasks-matter-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/windows-prefetch-analysis-with-pecmd-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-6-analyzing-evidence-of-program-execution-3/topic/windows-prefetch-timeline-analysis-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-7-finding-evidence-of-persistence-mechanisms-3/topic/analyzing-windows-run-keys-with-registry-explorer-and-regripper-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-7-finding-evidence-of-persistence-mechanisms-3/topic/how-to-find-evidence-of-persistence-in-startup-folders-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-7-finding-evidence-of-persistence-mechanisms-3/topic/windows-services-overview-and-analysis-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-7-finding-evidence-of-persistence-mechanisms-3/topic/detecting-and-analyzing-malicious-scheduled-tasks-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-7-finding-evidence-of-persistence-mechanisms-3/topic/persistence-mechanisms-analysis-with-sysinternals-autoruns-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/windows-event-logs-overview-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/analyzing-windows-event-logs-with-eventlogexplorer-and-evtxecmd-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/windows-defender-event-log-analysis-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/analyzing-service-installs-using-the-system-event-log-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/security-event-log-and-authentication-events-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/authentication-events-and-logon-ids-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/powershell-event-logs-overview-3/2023-09-17T21:25:10-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/analyzing-malicious-powershell-events-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/overview-of-the-sysmon-event-log-and-relevant-event-ids-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/5-8-uncover-malicious-activity-with-windows-event-log-analysis-3/topic/detecting-malicious-events-in-sysmon-event-logs-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/topic/setting-up-volatility3-in-the-ubuntu-environment-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/important-files-for-memory-analysis-3/2024-07-03T12:16:08-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/gathering-windows-system-information-with-volatility3-3/2024-11-22T22:19:33-08:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/detecting-suspicious-windows-processes-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/dumping-processes-from-the-memory-3/2024-07-03T12:43:26-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/detecting-and-analyzing-injected-dlls-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/identifying-process-owners-and-associated-sids-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/detecting-and-analyzing-malicious-registry-key-entries-from-memory-3/2023-09-17T21:25:11-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/7-kitchen-sink-analysis-with-super-timelines-3/topic/super-timeline-analysis-process-and-important-requirements-3/2024-11-22T22:46:21-08:00https://bluecapesecurity.com/topic/lab-instructions-linux-forensic-vm-2/2024-07-11T22:29:40-07:00https://bluecapesecurity.com/topic/memory-timeline-creation-with-volatility3-3/2024-07-11T16:51:41-07:00https://bluecapesecurity.com/topic/creating-a-timeline-of-the-disk-image-with-plaso-tools-and-log2timeline-3/2024-07-11T20:24:43-07:00https://bluecapesecurity.com/topic/merging-timelines-with-mactime-parser-and-creating-a-super-timeline-3/2024-07-11T20:56:39-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/7-kitchen-sink-analysis-with-super-timelines-3/topic/super-timeline-overview-with-timeline-explorer-3/2024-11-22T22:49:41-08:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/7-kitchen-sink-analysis-with-super-timelines-3/topic/analyzing-malicious-activity-using-the-super-timeline-3/2024-07-11T21:22:51-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/8-reporting-3/topic/considerations-and-reporting-types-3/2023-09-17T21:25:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/9-final-3/topic/wrap-up-and-next-steps-3/2023-09-17T21:25:12-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/4-examination-of-the-forensic-data-3/topic/lab-instructions-windows-forensic-vm/2024-07-31T16:31:35-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/6-windows-memory-analysis-3/topic/lab-instructions-linux-forensic-vm/2024-11-22T22:16:38-08:00https://bluecapesecurity.com/topic/chapter-online-lab-notes/2023-09-18T12:27:56-07:00https://bluecapesecurity.com/courses/practical-windows-forensics-labs/lessons/3-data-collection-process-3/topic/target-system-data-collection/2024-11-22T21:59:03-08:00https://bluecapesecurity.com/topic/3-1-windows-endpoint-investigations/2023-09-22T11:33:15-07:00https://bluecapesecurity.com/topic/4-3-advanced-analysis-with-splunk/2023-10-02T14:23:38-07:00https://bluecapesecurity.com/topic/4-4-advanced-analysis-with-sigma-rules/2023-10-02T14:30:50-07:00https://bluecapesecurity.com/topic/4-2-practical-windows-forensic-analysis/2023-10-02T14:29:18-07:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/domains-and-active-directory-overview/2023-11-01T11:28:06-07:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/accounts-and-credential-abuse-techniques/2024-01-28T21:24:26-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/lab-domain-controllers-and-user-accounts-management/2024-02-02T14:54:26-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/lab-managing-group-policy-objects/2024-02-02T14:53:20-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-1-windows-event-logs/topic/lab-exploring-and-analyzing-windows-event-logs/2024-02-02T14:59:09-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-2-powershell-event-logging-and-tuning/topic/lab-powershell-logging-basics/2024-02-02T15:07:25-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/sysmon-essentials-introduction-into-powerful-system-monitoring/2024-02-02T15:16:53-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-1-windows-event-logs/topic/lab-enabling-process-creation-events-and-analysis-with-powershell/2024-02-02T15:02:09-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-logging-telemetry-visibility/topic/logging-telemetry-and-visibility-overview/2024-01-05T15:25:30-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-2-powershell-event-logging-and-tuning/topic/lab-powershell-logging-advanced/2024-02-02T15:14:40-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-2-powershell-event-logging-and-tuning/topic/powershell-logging-matters/2024-02-02T15:05:20-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-2-powershell-event-logging-and-tuning/topic/greater-visibility-through-powershell-advanced-logging/2024-02-02T15:11:19-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/lab-deploy-ransomware-using-gpos/2024-02-02T14:51:24-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-2-powershell-event-logging-and-tuning/topic/1-2-2-lab-instructions/2024-02-02T15:03:25-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-1-windows-event-logs/topic/1-2-1-lab-instructions/2024-02-02T14:56:49-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/1-2-3-lab-instructions/2024-02-02T15:17:19-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-1-enterprise-domain-environments/topic/1-1-lab-instructions/2024-02-02T14:55:44-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/lab-setting-up-sysmon-installation-and-essential-configurations/2024-02-02T15:19:01-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/harnessing-sysmon-configurations-optimize-monitoring-efficiency/2024-02-02T15:20:21-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/lab-customizing-sysmon-templates/2024-02-02T15:21:46-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/1-2-3-sysmon-event-logging-and-detection/topic/lab-next-level-sysmon-enhanced-detections-and-advanced-configurations/2024-02-02T15:25:52-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/lolbins-overview/2024-02-02T16:24:23-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/lab-system-reconnaissance-with-lolbins/2024-02-02T16:29:05-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/lab-malicious-powershell-execution-techniques/2024-02-02T16:34:31-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/lab-execution-and-persistence-with-service-installs/2024-02-02T16:36:24-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/3-1-lab-instructions/2024-02-02T16:24:47-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/discovery-execution-and-file-transfer-with-lolbins/topic/common-miscellaneous-lolbin-usage/2023-11-30T16:41:13-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/domain-reconnaissance/topic/lab-active-directory-enumeration-with-powerview/2024-02-02T16:50:01-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/domain-reconnaissance/topic/4-1-lab-instructions/2024-02-02T16:38:09-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/domain-reconnaissance/topic/lab-suspicious-adfind-domain-enumeration/2024-02-02T16:55:54-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/domain-reconnaissance/topic/advanced-domain-enumeration-with-bloodhound/2024-02-02T17:00:10-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/domain-reconnaissance/topic/domain-enumeration-introduction/2023-12-15T10:31:41-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/credential-dumping/topic/lab-dumping-ntlm-hashes-with-mimikatz/2024-02-24T14:47:57-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/credential-dumping/topic/lab-extracting-ntlm-hashes-offline/2024-06-11T13:34:54-07:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/credential-dumping/topic/lab-cracking-ntlm-hashes/2024-02-02T17:13:58-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/sessions-and-tokens/topic/lab-token-impersonation-attack/2024-02-08T21:39:44-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/credential-dumping/topic/the-windows-authentication-architecture/2024-02-02T17:05:08-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/sessions-and-tokens/topic/windows-logon-sessions-and-access-tokens/2024-02-08T21:33:22-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/lateral-movement-techniques/topic/windows-sso-and-lateral-movement-techniques-overview/2024-02-08T21:45:15-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/lateral-movement-techniques/topic/demo-pass-the-hash-pass-the-ticket-and-psexec/2023-12-21T20:27:23-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/persistence-mechanisms/topic/lab-autostart-via-registry-runkeys-and-startup-folders/2024-02-09T06:44:13-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/persistence-mechanisms/topic/lab-scheduled-tasks-for-initial-or-recurring-execution-of-malicious-code/2024-02-18T10:28:20-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/persistence-mechanisms/topic/lab-persistence-via-wmi-event-subscribers/2024-02-18T10:28:49-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/credential-dumping/topic/5-1-lab-instructions/2024-02-02T17:04:04-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/windows-endpoint-compromise-overview/topic/7-lab-instructions/2024-02-16T10:05:20-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/windows-endpoint-compromise-overview/topic/windows-endpoint-compromise-tactics-and-techniques/2024-02-08T21:48:43-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/privilege-escalation-techniques/topic/lab-bypassing-the-user-account-control/2024-02-08T22:06:27-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/privilege-escalation-techniques/topic/common-privilege-escalation-tactics/2024-01-28T22:56:13-08:00https://bluecapesecurity.com/topic/7-2-lab-instructions/2024-02-08T22:01:00-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/initial-access-techniques/topic/lab-exploring-malicious-office-documents-with-macros/2024-02-02T16:09:13-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/initial-access-techniques/topic/2-1-lab-instructions/2024-02-02T15:56:28-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/initial-access-techniques/topic/understanding-initial-access-techniques-real-world-insights-and-statistics/2024-02-01T22:26:13-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/course-introduction/topic/course-logistics-resources-and-support/2024-02-02T14:40:22-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/course-introduction/topic/welcome-and-course-overview/2024-02-02T09:50:37-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/cyber-threat-landscape/topic/mastering-enterprise-security-threat-actors-attacks-and-response/2024-02-02T14:43:32-08:00https://bluecapesecurity.com/topic/analyzing-malware-and-common-malicious-scripts/2024-02-06T13:26:08-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/data-staging-and-exfiltration-techniques/topic/lab-manual-data-staging-and-exfiltration-using-rclone/2024-02-08T21:17:26-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/data-staging-and-exfiltration-techniques/topic/lab-automated-data-exfiltration-with-exbyte/2024-02-09T06:47:03-08:00https://bluecapesecurity.com/topic/7-4-lab-instructions/2024-02-08T13:53:05-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/execution-and-defense-evasion/topic/demo-exploring-live-windows-processes-and-what-looks-normal/2024-02-15T09:41:12-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/execution-and-defense-evasion/topic/lab-deep-dive-into-process-injection-with-process-hollowing/2024-02-15T14:27:00-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/execution-and-defense-evasion/topic/bypassing-avs-and-edrs-in-modern-day-environments/2024-02-15T13:27:25-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/execution-and-defense-evasion/topic/introduction-into-process-internals/2024-02-15T14:25:45-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/network-telemetry-and-security/topic/network-telemetry-and-security-introduction/2024-02-22T23:16:38-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/windows-network-security/topic/lab-network-security-on-windows-endpoints/2024-02-22T23:19:04-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/windows-network-security/topic/lab-common-techniques-for-tampering-with-windows-firewalls/2024-02-22T23:21:52-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/network-telemetry-and-security/topic/8-lab-instructions/2024-02-22T23:37:17-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/c2-beacon-analysis/topic/lab-extracting-network-indicators-from-c2-beacon-payloads/2024-02-22T23:30:49-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/c2-beacon-analysis/topic/lab-hunting-for-beacons-via-pcap-analysis-and-fingerprinting/2024-02-22T23:32:51-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/c2-beacon-analysis/topic/c2-attack-infrastructure-and-beacons-overview/2024-02-22T23:26:57-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/powershell-payload-analysis/topic/lab-analyzing-payloads-and-extracting-shellcode-part-1/2024-03-04T00:24:14-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/powershell-payload-analysis/topic/lab-analyzing-payloads-and-extracting-shellcode-part-2/2024-03-04T00:25:42-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/powershell-payload-analysis/topic/gathering-intel-via-virustotal/2024-03-04T00:23:40-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/understanding-binary-file-formats/2024-03-04T00:05:38-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/lab-analyzing-file-types-and-formats/2024-03-04T00:08:21-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/lab-advanced-file-examination-and-header-inspection/2024-03-04T11:01:35-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/lab-analyzing-files-for-malicious-behavior-with-capa/2024-03-04T11:02:09-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/lab-extracting-malicious-macros-in-office-documents/2024-03-04T11:05:27-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/dynamic-malware-analysis/topic/lab-decompiling-and-debugging-net-malware-with-dnspy/2024-03-04T00:16:40-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/9-lab-instructions/2024-03-04T00:38:12-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/static-malware-analysis/topic/lab-static-portable-executable-file-analysis-with-pestudio/2024-03-04T10:56:10-08:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/offline-lab-setup/topic/optional-offline-lab-setup-instructions/2024-03-31T08:16:45-07:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/initial-access-techniques/topic/sql-injections-primer/2024-06-06T12:21:14-07:00https://bluecapesecurity.com/courses/101-enterprise-security-fundamentals/lessons/initial-access-techniques/topic/lab-analyzing-forticlient-ems-logs-for-sql-injection-attacks-cve-2023-48788/2024-06-06T12:21:08-07:00https://bluecapesecurity.com/topic/converting-the-disk-image-with-qemu/2024-07-11T16:10:29-07:00https://bluecapesecurity.com/topic/lab-instructions-windows-forensic-vm-2/2024-07-31T16:31:37-07:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/1-1-wireshark-pcap-analysis/2024-11-18T09:51:57-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/1-2-zeek-log-analysis/2024-11-18T09:47:06-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/2-1-splunk-warm-up/2024-11-18T09:47:19-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/2-2-splunk-analysis/2024-11-18T09:58:34-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/2-3-sigma-rules-analysis/2024-11-18T09:47:48-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/3-1-velociraptor-analysis/2024-11-18T09:48:00-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/4-1-dc1-disk-analysis/2024-11-18T09:48:12-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/4-2-client1-disk-analysis/2024-11-18T09:48:26-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/4-3-client1-memory-analysis/2024-11-18T09:48:38-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/5-1-pe-file-analysis/2024-11-18T09:48:49-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/5-2-script-analysis/2024-11-18T09:49:04-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/5-3-detection-with-yara-rules/2024-11-18T09:49:14-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/6-1-timesketch-analysis/2024-11-18T09:49:27-08:00https://bluecapesecurity.com/courses/master-enterprise-dfir__trashed/lessons/workshop-exercise-instructions/topic/6-2-hayabusa-analysis/2024-11-18T09:49:38-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pcap-analysis-with-wireshark/topic/lab-wireshark-overview-and-analyzing-a-http-packet-sequence/2024-12-02T08:47:26-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pcap-analysis-with-wireshark/topic/lab-pcap-statistics-and-initial-indicators/2024-12-02T08:47:39-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pcap-analysis-with-wireshark/topic/lab-analyzing-ips-and-time-frames-of-activity/2024-12-02T08:47:51-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pcap-analysis-with-wireshark/topic/lab-visualizing-beaconing-with-io-graphs/2024-12-02T08:48:01-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/zeek-logs-analysis/topic/lab-zeek-logs-overview-and-parsing/2024-12-02T08:50:31-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/zeek-logs-analysis/topic/lab-http-requests-analysis/2024-12-02T08:48:22-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/zeek-logs-analysis/topic/lab-data-exfiltration-analysis/2024-12-02T08:48:33-08:00https://bluecapesecurity.com/topic/network-traffic-analysis-findings/2024-12-02T08:39:42-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/zeek-logs-analysis/topic/lab-detecting-lateral-movement/2024-12-02T08:48:43-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-splunk-introduction-and-warm-up-exercises/2024-12-12T20:13:34-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-analyzing-the-ransomware-process-tree/2024-12-11T17:07:57-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-scoping-for-compromised-systems-via-network-indicators/2024-12-11T17:08:50-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-visualizing-network-and-beaconing-activity/2024-12-12T20:24:55-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-performing-root-cause-analysis/2024-12-11T17:10:15-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-initial-access-process-analysis/2024-12-11T17:10:56-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-initial-access-and-privilege-escalation-process-analysis/2024-12-11T17:11:41-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-using-splunk-spl-for-detecting-anomalies/2024-12-11T17:12:38-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-analyzing-scheduled-tasks-and-powershell-events/2024-12-11T17:13:45-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-windows-services-and-lateral-movement-analysis/2024-12-11T17:14:54-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/lab-logon-events-and-timeline-analysis/2024-12-11T17:21:41-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/sigma-detection-rules/topic/sigma-detection-framework-introduction/2024-12-12T19:55:18-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/sigma-detection-rules/topic/lab-writing-and-applying-sigma-rules-to-detect-powershell-scripts/2024-12-12T19:56:13-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/sigma-detection-rules/topic/lab-leveraging-open-source-rules-for-detecting-malicious-powershell-launch-parameters/2024-12-12T19:58:29-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/event-log-analysis-with-splunk/topic/splunk-analysis-overview/2024-12-12T20:06:54-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/remote-forensic-analysis-with-velociraptor/2024-12-20T08:52:42-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-introduction-into-velociraptor-and-hunts/2024-12-20T08:57:44-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-process-analysis-at-scale-2/2024-12-20T08:59:43-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-identifying-suspicious-logon-activity-and-lateral-movement/2024-12-20T14:59:49-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-identifying-and-analyzing-persistence-mechanisms/2024-12-21T15:47:15-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-analyzing-evidence-of-execution-with-amcache/2024-12-21T16:49:42-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-filesearches-with-filefinder/2024-12-28T17:01:30-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-identifying-recent-file-activity-within-a-users-downloads-folder/2024-12-28T17:02:19-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-filtering-suspicious-files-within-time-frames/2024-12-28T17:03:24-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/lab-uncovering-created-and-deleted-files/2024-12-28T17:04:00-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/remote-analysis-with-velociraptor/topic/remote-analysis-conclusion/2024-12-30T10:48:40-08:00https://bluecapesecurity.com/topic/forensic-analysis/2025-01-03T05:15:39-08:00https://bluecapesecurity.com/topic/data-collection/2025-01-03T05:15:53-08:00https://bluecapesecurity.com/topic/disk-analysis-dc1/2025-01-03T05:16:08-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/forensic-analysis/topic/investigation-timeline-phase-2/2025-01-03T05:52:36-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/forensic-analysis/topic/forensic-analysis-process-overview/2025-01-03T05:39:23-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/data-collection/topic/data-collection-within-enterprise-environments/2025-01-03T05:39:21-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/data-collection/topic/lab-data-collection-with-velociraptor-and-kape/2025-01-03T05:39:19-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-dc1-2/topic/disk-analysis-introduction/2025-01-03T05:39:18-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-dc1-2/topic/lab-gathering-system-information/2025-01-03T05:39:16-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-dc1-2/topic/lab-analyzing-registry-artifacts-and-malicious-windows-services/2025-01-03T05:39:14-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-dc1-2/topic/lab-file-creation-and-deletion-analysis-using-mft-and-usn-journal/2025-01-03T06:44:04-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-dc1-2/topic/dc1-incident-timeline-review/2025-01-08T08:17:03-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-client1-2/topic/lab-analyzing-user-registry-hives/2025-01-09T16:46:47-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-client1-2/topic/lab-analyzing-system-registry-hives-for-execution-and-persistence-mechanisms/2025-01-09T16:46:37-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-client1-2/topic/lab-analyzing-the-mft-for-malicious-files-created/2025-01-09T16:46:57-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-client1-2/topic/lab-browsing-history-analysis/2025-01-09T16:47:38-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/disk-analysis-client1-2/topic/lab-phishing-email-analysis/2025-01-09T16:48:13-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/lab-setting-up-volatility-and-extracting-initial-memory-image-information/2025-03-04T22:18:08-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/lab-identifying-suspicious-processes/2025-01-13T20:42:18-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/lab-analyzing-evidence-of-network-activity/2025-01-13T20:42:49-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/lab-establishing-process-owners-and-privileges/2025-01-13T20:45:28-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/lab-creating-and-analyzing-timelines-with-volatility/2025-01-13T20:45:35-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/memory-analysis-client1-2/topic/client1-incident-timeline-review/2025-01-13T23:25:42-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/malware-detection-with-yara-rules/topic/introduction-into-pattern-detection-with-yara-rules/2025-01-20T21:13:00-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/malware-detection-with-yara-rules/topic/lab-detecting-malicious-pe-files-and-section-headers/2025-01-20T21:13:22-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/malware-detection-with-yara-rules/topic/lab-detecting-malicious-powershell-payloads-in-memory/2025-01-20T21:14:19-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pe-files-analysis/topic/lab-pe-file-analysis-on-update-exe/2025-01-20T21:10:09-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/pe-files-analysis/topic/lab-pe-file-analysis-on-launcher-dll/2025-01-20T21:09:13-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/powershell-scripts-analysis/topic/lab-a-ps1-domainpasswordspray-script-analysis/2025-01-20T20:55:30-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/powershell-scripts-analysis/topic/lab-reconstructing-the-1-ps1-ransomware-script-via-scriptblocks/2025-01-20T21:06:55-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/powershell-scripts-analysis/topic/lab-decrypting-files-with-the-refactored-ransomware-script/2025-01-20T21:29:34-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/timeline-creation-and-analysis-techniques/topic/introduction-into-timeline-analysis-and-plaso-tools/2025-01-24T09:43:44-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/timeline-creation-and-analysis-techniques/topic/lab-creating-system-timelines-from-data-collections-with-plaso-tools/2025-01-24T10:11:39-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/timeline-creation-and-analysis-techniques/topic/lab-system-timeline-analysis-techniques-with-timeline-explorer/2025-01-24T09:55:29-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/timeline-creation-and-analysis-techniques/topic/lab-rapid-event-log-timeline-creation-and-analysis-with-hayabusa/2025-01-24T09:56:49-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/reporting-findings/topic/reporting-overview/2025-01-29T17:21:44-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/reporting-findings/topic/mitre-attck-ttps-and-iocs/2025-01-29T15:38:14-08:00https://bluecapesecurity.com/courses/301-enterprise-dfir/lessons/reporting-findings/topic/incident-response-report-template/2025-01-29T15:43:27-08:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/session-resources-4/2025-02-27T15:33:25-08:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/incident-response-and-data-collection-techniques/topic/triage-analysis-introduction/2025-03-13T11:27:21-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/incident-response-and-data-collection-techniques/topic/resources-4/2025-03-12T19:55:31-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/applied-forensic-analysis/topic/introduction/2025-03-13T08:47:23-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/applied-forensic-analysis/topic/resources-5/2025-03-12T19:55:41-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/introduction-2/2025-03-13T08:47:41-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/soc-core-capabilities/2025-03-13T08:47:41-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/threat-intelligence-threat-hunting/2025-03-13T08:47:42-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/incident-handling/2025-03-13T08:47:45-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/case-introduction/2025-03-17T18:48:26-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/security-operations-in-enterprise-environments/topic/lab-pcap-analysis/2025-03-13T08:47:50-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/incident-response-and-data-collection-techniques/topic/lab-analysis-siem-splunk/2025-03-13T08:46:34-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/incident-response-and-data-collection-techniques/topic/lab-analysis-edr-velociraptor/2025-03-13T08:46:35-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/incident-response-and-data-collection-techniques/topic/lab-data-collection-techniques/2025-03-13T08:46:40-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/applied-forensic-analysis/topic/lab-memory-analysis/2025-03-13T08:47:28-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/applied-forensic-analysis/topic/lab-disk-analysis/2025-03-13T08:47:32-07:00https://bluecapesecurity.com/courses/dfir-foundations-techniques-readiness/lessons/applied-forensic-analysis/topic/lab-timeline-analysis/2025-03-13T11:37:31-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for001-disgruntled-managers-exodus/topic/for001-case-introduction/2025-05-10T15:38:41-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for002-suspicious-network-connection/topic/for002-case-introduction/2025-05-10T15:38:54-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for003-unauthorized-access/topic/for003-case-introduction/2025-05-18T22:38:26-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for004-suspicious-logons/topic/for004-case-introduction/2025-05-14T13:40:37-07:00https://bluecapesecurity.com/courses/200for-beta-feedback__trashed/lessons/feedback-support/topic/for200-scenario-feedback-form/2025-05-02T11:41:08-07:00https://bluecapesecurity.com/topic/for002-feedback-form/2025-05-01T09:07:06-07:00https://bluecapesecurity.com/topic/for003-feedback-form/2025-05-01T09:07:15-07:00https://bluecapesecurity.com/topic/for004-feedback-form/2025-05-01T09:07:19-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for001-disgruntled-managers-exodus/topic/for001-reflection/2025-05-12T14:38:55-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for002-suspicious-network-connection/topic/for002-reflection/2025-05-12T15:57:05-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for003-unauthorized-access/topic/for003-reflection/2025-05-18T22:13:36-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for004-suspicious-logons/topic/for004-reflection/2025-05-14T13:43:53-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for001-disgruntled-managers-exodus/topic/for001-solution-timeline-analysis/2025-05-18T22:51:00-07:00https://bluecapesecurity.com/topic/topic-2/2025-05-06T10:22:55-07:00https://bluecapesecurity.com/topic/topic/2025-05-06T10:23:03-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for001-disgruntled-managers-exodus/topic/for001-solution-summary-report/2025-05-10T15:35:59-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for001-disgruntled-managers-exodus/topic/for001-next-steps/2025-05-12T14:38:26-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for002-suspicious-network-connection/topic/for002-solution-timeline-analysis/2025-05-18T22:51:54-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for002-suspicious-network-connection/topic/for002-solution-summary-report/2025-05-12T14:41:55-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for002-suspicious-network-connection/topic/for002-next-steps/2025-05-12T14:49:16-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for003-unauthorized-access/topic/for003-next-steps/2025-05-12T14:50:12-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for004-suspicious-logons/topic/for004-next-steps/2025-05-12T14:50:00-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for004-suspicious-logons/topic/for004-solution-timeline-analysis/2025-07-09T09:47:16-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for004-suspicious-logons/topic/for004-solution-summary-report/2025-05-14T13:38:45-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for003-unauthorized-access/topic/for003-solution-timeline-analysis/2025-05-18T22:52:31-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/for003-unauthorized-access/topic/for003-solution-summary-report/2025-05-18T22:39:43-07:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir002/topic/ir002-case-introduction/2025-11-11T20:39:33-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir002/topic/ir002-tnt-environment/2025-11-11T14:03:57-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir001/topic/ir001-case-introduction/2025-11-12T13:18:00-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir001/topic/ir001-investigation-setup/2025-11-11T10:05:17-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir003/topic/ir003-case-introduction/2025-11-20T17:43:44-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir003/topic/ir003-tnt-environment/2025-11-21T08:44:50-08:00https://bluecapesecurity.com/topic/ir001-reflection/2025-07-10T14:46:58-07:00https://bluecapesecurity.com/topic/002-reflection/2025-07-10T14:48:58-07:00https://bluecapesecurity.com/topic/topic-3/2025-07-10T14:47:23-07:00https://bluecapesecurity.com/topic/ir003-reflection/2025-07-10T14:48:53-07:00https://bluecapesecurity.com/topic/ir003-solution-timeline-analysis/2025-07-10T15:23:46-07:00https://bluecapesecurity.com/topic/topic-5/2025-07-10T14:50:26-07:00https://bluecapesecurity.com/topic/ir003-solution-summary-report/2025-07-10T15:24:00-07:00https://bluecapesecurity.com/topic/ir002-solution-summary-report/2025-07-10T15:23:18-07:00https://bluecapesecurity.com/topic/ir002-solution-timeline-analysis/2025-07-10T15:23:00-07:00https://bluecapesecurity.com/topic/ir001-solution-timeline-analysis/2025-07-10T15:22:36-07:00https://bluecapesecurity.com/topic/ir001-solution-summary-report/2025-07-10T15:22:29-07:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir001/topic/ir001-solution-recap-key-takeaways/2025-11-11T10:24:27-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir002/topic/ir002-solution-recap-key-takeaways/2025-11-11T20:52:53-08:00https://bluecapesecurity.com/topic/topic-6/2025-07-10T15:07:33-07:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir003/topic/ir003-solution-recap-key-takeaways/2025-11-21T09:37:48-08:00https://bluecapesecurity.com/courses/analyst-1-practical-windows-forensic-analyst/lessons/starting-the-pwfa-certification-exam/topic/start-pwfa-exam/2025-08-08T12:01:01-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/scenario-walkthrough-videos/topic/for001-disgruntled-managers-exodus/2025-08-26T15:31:26-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/scenario-walkthrough-videos/topic/for002-suspicious-network-connection/2025-08-26T15:31:22-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/scenario-walkthrough-videos/topic/for003-unauthorized-access/2025-08-26T15:31:41-07:00https://bluecapesecurity.com/courses/200-for-investigations/lessons/scenario-walkthrough-videos/topic/for004-suspicious-logons/2025-08-26T15:31:54-07:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir001/topic/ir001-solution-threat-actor-ttp-insights/2025-11-17T15:33:10-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir001/topic/ir001-solution-timeline-analysis-2/2025-11-12T13:59:26-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir002/topic/ir002-solution-threat-actor-ttp-insights/2025-11-17T15:35:14-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir002/topic/ir002-solution-timeline-analysis-2/2026-04-02T11:39:10-07:00https://bluecapesecurity.com/courses/hero-bundle__trashed/lessons/starting-the-pwfa-certification-exam-2/topic/start-pwfa-exam-2/2025-11-19T14:32:49-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir003/topic/ir003-solution-threat-actor-ttp-insights/2025-11-21T09:30:51-08:00https://bluecapesecurity.com/courses/300-ir-investigations/lessons/ir003/topic/ir003-solution-timeline-analysis-2/2025-11-20T17:57:40-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-2-hayabusa-detect-security-event-log-clearing-with-sigma/topic/task-detect-windows-security-event-logs-clearing-with-sigma/2026-01-02T06:07:27-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-2-hayabusa-detect-security-event-log-clearing-with-sigma/topic/task-solution-detection-results/2026-01-02T06:06:25-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-3-splunk-detect-psexec-service-execution-with-sigma/topic/task-detecting-psexec-service-execution/2025-12-29T20:33:47-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-3-splunk-detect-psexec-service-execution-with-sigma/topic/task-solution-detection-results-2/2025-12-29T19:37:39-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-4-splunk-detect-lsass-credential-dumping-with-sigma/topic/task-detecting-lsass-credential-dumping/2025-12-31T10:09:28-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-4-splunk-detect-lsass-credential-dumping-with-sigma/topic/task-solution-detection-results-3/2026-01-02T06:12:01-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-5-splunk-detect-brute-force-password-spray-attacks-with-sigma-correlation/topic/task-validate-the-correlation-detection-in-splunk/2025-12-29T20:06:49-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-5-splunk-detect-brute-force-password-spray-attacks-with-sigma-correlation/topic/task-solution-correlation-detection-results/2025-12-29T20:06:12-08:00https://bluecapesecurity.com/courses/detection-engineering-with-sigma/lessons/module-5-splunk-detect-brute-force-password-spray-attacks-with-sigma-correlation/topic/bonus-task-detect-potential-http-https-beaconing/2025-12-29T20:03:37-08:00https://bluecapesecurity.com/courses/react2shell-server-compromise-investigation/lessons/react2shell-resources/topic/react2shell-detection-rules/2026-03-27T11:05:12-07:00https://bluecapesecurity.com/courses/react2shell-server-compromise-investigation/lessons/react2shell-resources/topic/react2shell-ioc-list/2026-03-27T11:00:27-07:00https://bluecapesecurity.com/courses/react2shell-server-compromise-investigation/lessons/react2shell-resources/topic/tshark-quick-reference/2026-03-27T11:08:32-07:00https://bluecapesecurity.com/topic/topic-4/2026-01-08T14:50:53-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-0-platform-orientation-dataset-familiarization/topic/lesson-0-answers/2026-01-08T14:54:59-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-3-cloud-infrastructure-baseline-automation/topic/lesson-3-answers/2026-01-08T14:55:31-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-4-cryptocurrency-mining-incident/topic/lesson-4-answers/2026-01-08T14:55:41-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-5-dns-network-scanning-external-recon/topic/lesson-5-answers/2026-01-08T14:55:50-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-2-aws-credential-leakage-cloud-abuse/topic/lesson-2-answers/2026-01-08T14:55:18-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-1-aws-iam-activity-cloud-misconfiguration/topic/lesson-1-answers/2026-01-08T14:55:07-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-6-phishing-malware-delivery-email-abuse/topic/lesson-6-answers/2026-01-08T14:55:58-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-7-windows-endpoint-compromise-identity-abuse/topic/lesson-7-answers/2026-01-08T14:56:06-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-8-linux-server-compromise-privilege-escalation/topic/lesson-8-answers/2026-01-08T14:56:13-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-9-c2-defacement-adversary-artifacts/topic/lesson-9-answers/2026-01-08T14:56:20-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-10-soc-analytics-telemetry-advanced-spl/topic/lesson-10-answers/2026-01-08T14:56:27-08:00https://bluecapesecurity.com/courses/splunk-bots-v3/lessons/lesson-11-osint-contextual-attribution-optional-bonus/topic/lesson-11-answers/2026-01-08T14:56:35-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-2-detecting-china-chopper-webshell-with-yara/topic/task-detecting-a-china-chopper-aspx-web-shell-with-yara/2026-01-19T15:34:58-08:00https://bluecapesecurity.com/topic/topic-7/2026-01-19T15:30:48-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-2-detecting-china-chopper-webshell-with-yara/topic/task-solution-detection-results-4/2026-01-19T15:35:04-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-3-yara-in-incident-response-detecting-ransomware-infected-hosts/topic/task-detect-infected-machines-with-yara/2026-01-19T15:36:02-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-3-yara-in-incident-response-detecting-ransomware-infected-hosts/topic/task-solution-detection-results-5/2026-01-19T15:36:08-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-4-detecting-xmrig-miner-with-yara/topic/task-detect-xmrig-miner-pe-with-yara/2026-01-19T15:37:04-08:00https://bluecapesecurity.com/topic/topic-8/2026-01-19T15:32:09-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-4-detecting-xmrig-miner-with-yara/topic/task-solution-detection-results-6/2026-01-20T17:03:03-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-5-hunting-cobalt-strike-beacon-in-memory-using-yara/topic/task-detecting-cobalt-strike-beacon-in-memory/2026-01-19T15:37:56-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-5-hunting-cobalt-strike-beacon-in-memory-using-yara/topic/task-solution/2026-01-20T17:02:39-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-1-anatomy-of-yara-rules/topic/task-write-and-run-your-first-yara-rule/2026-01-19T16:41:34-08:00https://bluecapesecurity.com/courses/malware-detection-with-yara/lessons/module-4-detecting-xmrig-miner-with-yara/topic/task-extract-indicators-from-xmrig-pe-with-die/2026-01-19T17:03:21-08:00https://bluecapesecurity.com/courses/foundations-of-cyber-threat-intelligence/lessons/module-4-cyber-threat-intelligence-frameworks/topic/task-attck-framework-analysis/2026-04-01T11:41:56-07:00https://bluecapesecurity.com/courses/foundations-of-cyber-threat-intelligence/lessons/module-4-cyber-threat-intelligence-frameworks/topic/task-solution-2/2026-04-01T11:43:44-07:00https://bluecapesecurity.com/courses/foundations-of-cyber-threat-intelligence/lessons/task-cyber-threat-intelligence-reporting-exercise/topic/task-solution-3/2026-03-17T15:55:23-07:00https://bluecapesecurity.com/courses/bec-investigation-with-sof-elk/lessons/module-4-investigating-suspicious-activity-in-microsoft-365-logs/topic/task-identify-suspicious-inbox-forwarding-rules/2026-04-01T13:41:15-07:00https://bluecapesecurity.com/courses/bec-investigation-with-sof-elk/lessons/module-4-investigating-suspicious-activity-in-microsoft-365-logs/topic/task-solution-4/2026-04-01T13:45:42-07:00