KC7 Inside Encryptodera - Section 3: F in the chat
This post is a write-up or clues on how to resolve the KC7 investigation case of Inside Encryptodera - Section 3: F in the chat . You can use it as a helpful guide when you encounter an obstacle, as it structured as a fill-in-the-blanks solution. Section 3: Question 1: What username was used to log into the DOMAIN_CONTROLLER_SERVER? AuthenticationEvents | where hostname == "DOMAIN_CONTROLLER_SERVER" | project username Question 2: What laptop did the lihenry_domain_admin account sign into?...