
Alloysius

DFIR Playbook

IR Lifecycle

Each phase of the lifecycle must be complete before the next phase can begin. Incomplete identification can lead to incomplete containment, and an incomplete investigation can leave backdoors in the network even after eradication. Following this lifecycle provides a structure for how to conduct Incident Response.

Host Artifacts

PowerShell Logs

Logging is not enabled by default. Enable logging at Administrative Templates → Windows Components → Windows PowerShell.

BinExploit 0x1 - ROP Chain

This post will be the first of many (hopefully) binary exploitation posts. I am writing this so I can refer to it in the future, and maybe someone will learn something from it too. I will be using the binary from GitHub.

Part 1 - Functions & Static Analysis

Loading the binary into gdb and looking at the functions reveals 4 interesting functions: flag, vuln, win_function1, win_function2. Let's look into the 4 functions and what they do.