Detection Tools: DeepBlueCLI, Velociraptor, SysInternals Suite
- DeepBlueCLI: https://github.com/sans-blue-team/DeepBlueCLI – Open-source PowerShell script that runs a fixed set of detections (new or newly privileged users, suspicious and Base64-encoded command lines, audit-log clears, password spraying, and more) over the live Security, System, Application and PowerShell logs or over exported .evtx files; the repo ships sample .evtx files for testing it offline.
- Velociraptor: https://docs.velociraptor.app – Open-source DFIR platform for endpoint collection, hunting and continuous monitoring. Collection logic is written as VQL artifacts, and the same binary runs as server, client, standalone query tool or offline collector (the official docs link to the release downloads).
- SysInternals Suite: https://learn.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite – Microsoft's collection of system utilities. The ones that matter for detection work are Autoruns/autorunsc (persistence locations, with hashes and signature verification), Sigcheck (signature and hash checks on files), Process Explorer and Process Monitor (live process, handle and file/registry activity), and Sysmon (process, network and file-event logging into the event log).
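The three tools above are usually chained rather than run in isolation. The script below is an added example (not code from DeepBlueCLI, Velociraptor or Sysinternals) of a one-pass endpoint triage: snapshot the event logs to .evtx, run DeepBlueCLI over the copies, pull every non-Microsoft persistence entry with autorunsc and flag unsigned ones, then use a standalone Velociraptor VQL query as an independent cross-check on one DeepBlueCLI detection (Security event 1102, audit log cleared). Paths are assumptions: DeepBlueCLI unpacked under C:\Tools\DeepBlueCLI, the Sysinternals Suite under C:\Tools\Sysinternals, velociraptor.exe at C:\Tools\velociraptor.exe, output under C:\Triage.

```powershell
# Added example, not code from any of the listed projects.
# Assumptions: tools under C:\Tools (see lead-in), output under C:\Triage.
# Run from an elevated PowerShell prompt: exporting the Security log and
# autorunsc both need administrator rights.
$ErrorActionPreference = 'Stop'
$Tools = 'C:\Tools'     # assumption
$Out   = 'C:\Triage'    # assumption
New-Item -ItemType Directory -Path $Out -Force | Out-Null

# 1. Snapshot the logs to .evtx. Working from a copy keeps the analysis
#    repeatable and gets the evidence off the host before an attacker
#    wipes the live log.
$logs = [ordered]@{
    'Security'                                 = Join-Path $Out 'security.evtx'
    'System'                                   = Join-Path $Out 'system.evtx'
    'Microsoft-Windows-PowerShell/Operational' = Join-Path $Out 'powershell.evtx'
}
foreach ($name in $logs.Keys) {
    if (Test-Path $logs[$name]) { Remove-Item $logs[$name] }  # wevtutil will not overwrite
    wevtutil epl $name $logs[$name]
}

# 2. DeepBlueCLI over the exported files. DeepBlue.ps1 takes the .evtx path
#    as its first positional parameter and emits one object per detection.
$deepBlue = Join-Path $Tools 'DeepBlueCLI\DeepBlue.ps1'
$alerts = foreach ($path in $logs.Values) { & $deepBlue $path }
if ($alerts) {
    $alerts | Export-Csv -Path (Join-Path $Out 'deepblue.csv') -NoTypeInformation
}
"DeepBlueCLI: $(@($alerts).Count) alert(s) -> $Out\deepblue.csv"

# 3. autorunsc: all persistence locations (-a *), CSV output (-c), file
#    hashes (-h), signature verification (-s), Microsoft-signed entries
#    hidden (-m). A Signer column that does not start with "(Verified)" is
#    an unsigned or unverifiable binary and is the first thing to look at.
$autorunsc = Join-Path $Tools 'Sysinternals\autorunsc64.exe'
$autoruns  = & $autorunsc -accepteula -nobanner -a * -c -h -s -m | ConvertFrom-Csv
$autoruns | Export-Csv -Path (Join-Path $Out 'autoruns.csv') -NoTypeInformation
$suspect = $autoruns | Where-Object { $_.Signer -notlike '(Verified)*' }
"autorunsc: $(@($autoruns).Count) non-Microsoft entries, $(@($suspect).Count) unsigned/unverified"
$suspect | Select-Object 'Entry Location', Entry, 'Image Path', Signer, 'SHA-256' |
    Format-Table -AutoSize

# 4. Velociraptor as an independent check on one DeepBlueCLI detection:
#    parse the exported Security log with VQL and list every 1102 event
#    (audit log cleared). 'velociraptor query' runs standalone, with no
#    server or client configuration. Forward slashes avoid VQL escaping.
$velo = Join-Path $Tools 'velociraptor.exe'   # assumption
$evtx = $logs['Security'] -replace '\\', '/'
$vql  = "SELECT System.TimeCreated.SystemTime AS Time, System.Computer AS Host, " +
        "UserData AS Detail FROM parse_evtx(filename='$evtx') " +
        "WHERE System.EventID.Value = 1102"
& $velo query $vql
```

Save it as triage.ps1 and run it with `powershell -ExecutionPolicy Bypass -File triage.ps1`, since DeepBlue.ps1 is an unsigned script. To exercise step 2 without touching a live host, point `$logs.Values` at the sample files in DeepBlueCLI's own `evtx` directory instead of exporting. If autorunsc on a given build emits UTF-16 rather than text PowerShell can decode, redirect it to a file and read it back with `Import-Csv -Encoding Unicode` instead of piping into `ConvertFrom-Csv`.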
