In this episode, we're going to look at a variety of methods you can use to determine whether or not a system was the recipient of a PsExec connection. While you may already be familiar with some of these detections, there's a good chance you haven't seen them all!
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
03:03 - Demo 1
05:09 - Event Log Analysis 1
09:01 - Demo 2
09:56 - Event Log Analysis 2
10:56 - Shimcache Analysis
15:46 - The Key to Identify PsExec
17:55 - Prefetch Analysis
21:38 - Recap
🛠 Resources
The Key to Identify PsExec:
https://dfirdominican.com/the-key-to-identify-psexec/
Prefetch Deep Dive:
https://www.youtube.com/watch?v=f4RAtR_3zcs