Deep Blue

The Deep blue Investigation requires the examination of security and system logs.

Scenario

A Windows workstation was recently compromised, and evidence suggests it was an attack against internet-facing RDP, then Meterpreter was deployed to conduct 'Actions on Objectives'. Can you verify these findings?The goal is to find the commands that were used by the
---------------------------

Tools Used

In this case we work with the following:

• DeepBlueCLI - https://github.com/sans-blue-team/DeepBlueCLI

• Microsoft Event viewer - Preinstalled on Windows

The blue team must also identify sender addresses, sender/receiver E-Mails, IPs, Host Name, URLs, attached files, malicious links.