Great interaction again on today's session - thanks for joining in! I loved having a proper look at how code can be executed on your network and devices, and what Sophos EDR can do to help you threat hunt. We'll see more of that power in the remaining sessions.
Here are a few of the resources that Ashek mentioned and used - let me know in the comments below if you want anything further.
- Generic Search query: https://community.sophos.com/intercept-x-endpoint/i/anomalies/generic-search
- Cyberchef: https://gchq.github.io/CyberChef/
- And also, here's a great SANS poster with lots of stuff to hunt for: https://share.ialab.dsu.edu/CRRC/Incident%20Response/Supplementary%20Material/SANS_Poster_2018_Hunt_Evil_FINAL.pdf
See you all again tomorrow!