Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remaining sessions.
Here are a few of the resources that Ashek mentioned and used - let me know in the comments below if you want anything further.
You can access it at https://share.ialab.dsu.edu/CRRC/Incident%20Response/Supplementary%20Material/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
Please re-upload.
Same here, managed to find it by googling the filename.