One day I took my red SANS poster out (link) and figured it might be a good idea to acquire one or the other artifact using an EDR – in our case Tanium. I was particularly interested in getting RDP MRUs out of the registry. That’s when the struggle began. […]
Agent based EDR and HKCU
