Visualise "Normal" Use-Cases

By "normal", we mean the usual things that users (admins included) do with their endpoints.


What do we mean by "normal"?

Key Lessons

  • What are typical use-cases that lead to client-side infiltration? E.g. email, web browsing...
  • Study "normal" behaviour (building on what the student established in the first goal) using a Windows VM and a visualisation of the OpenEDR data-set
  • Learn how to use Sysmon events to observe the various process behaviours, particularly those related to Payload Delivery and Code-Execution (as highlighted under the Tactics column above)
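As an added illustration of the last lesson (this is example code written for this page, not part of the course or of OpenEDR), the script below parses a few constructed Sysmon Event ID 1 (ProcessCreate) records in the XML layout Event Viewer exports, then compares each parent/child process pair with a small hypothetical baseline of what an email or browsing session normally spawns. The baseline table, the file paths and the timestamps are all assumptions made up for the example; the point is that, once "normal" is written down, a user-facing application launching a script host stands out as the moment payload delivery turns into code execution, and anything not covered by the baseline is queued for review rather than silently accepted.

```python
"""Baseline "normal" process ancestry from Sysmon Event ID 1 (ProcessCreate).

Added example, not course material: parses constructed Sysmon XML records and
checks each parent->child pair against a hypothetical allow-list of what
email and browsing sessions normally spawn.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Hypothetical baseline (assumption, not from the course): for each user-facing
# parent, the child images it normally launches during email / browsing use.
NORMAL_CHILDREN: Dict[str, Set[str]] = {
    "outlook.exe": {"winword.exe", "excel.exe", "acrord32.exe", "msedge.exe"},
    "msedge.exe": {"msedge.exe"},
    "winword.exe": {"splwow64.exe"},
}

# Script hosts / shells: a user-facing app launching one of these is the
# handoff from payload delivery to code execution.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe"}

# Constructed Sysmon records in the XML layout Event Viewer exports; paths,
# times and file names are invented for the example.
SAMPLE_EVENTS = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2024-01-01 09:00:01.000</Data>
  <Data Name="Image">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
  <Data Name="CommandLine">"WINWORD.EXE" /n "C:\Users\alice\Downloads\invoice.docx"</Data>
  <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2024-01-01 09:00:07.000</Data>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="CommandLine">powershell.exe -NoProfile -File C:\Users\alice\AppData\Local\Temp\run.ps1</Data>
  <Data Name="ParentImage">C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>3</EventID></System>
 <EventData>
  <Data Name="Image">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  <Data Name="DestinationPort">443</Data>
 </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>1</EventID></System>
 <EventData>
  <Data Name="UtcTime">2024-01-01 09:02:00.000</Data>
  <Data Name="Image">C:\Windows\System32\notepad.exe</Data>
  <Data Name="CommandLine">notepad.exe</Data>
  <Data Name="ParentImage">C:\Windows\explorer.exe</Data>
 </EventData>
</Event>
</Events>"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (Sysmon records full paths)."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_process_creates(xml_text: str) -> List[Dict[str, str]]:
    """Return the EventData fields of every Sysmon Event ID 1 record."""
    root = ET.fromstring(xml_text)
    records = []
    for ev in root.findall("e:Event", EVT_NS):
        if ev.findtext("e:System/e:EventID", namespaces=EVT_NS) != "1":
            continue  # network / file / registry events are out of scope here
        fields = {d.get("Name"): (d.text or "")
                  for d in ev.findall("e:EventData/e:Data", EVT_NS)}
        records.append(fields)
    return records


def classify(child: str, parent: str) -> str:
    """Compare one parent->child pair with the baseline of normal behaviour."""
    if parent in NORMAL_CHILDREN and child in SCRIPT_HOSTS:
        return "script-host-under-user-app"  # delivery -> execution handoff
    if parent in NORMAL_CHILDREN and child in NORMAL_CHILDREN[parent]:
        return "normal"
    return "unbaselined"  # nothing known either way: queue for review


def review_events(xml_text: str) -> List[Dict[str, str]]:
    """One row per ProcessCreate event with its baseline verdict."""
    rows = []
    for rec in parse_process_creates(xml_text):
        child, parent = basename(rec["Image"]), basename(rec["ParentImage"])
        rows.append({"time": rec.get("UtcTime", ""), "parent": parent,
                     "child": child, "cmdline": rec.get("CommandLine", ""),
                     "verdict": classify(child, parent)})
    return rows


if __name__ == "__main__":
    for r in review_events(SAMPLE_EVENTS):
        print(f'{r["time"]}  {r["parent"]} -> {r["child"]:<16} {r["verdict"]}')
```

Run it as a script to print one line per process creation; on a real data-set, swap `SAMPLE_EVENTS` for an Event Viewer XML export and grow `NORMAL_CHILDREN` from what the "normal" sessions in the VM actually produced, so that the "unbaselined" bucket shrinks to the cases worth a human look.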