fatcousin
home

drop security evtx csv · detect token impersonation and privilege events · 4624 type 2/3 anomalies · special privileges assigned · runs locally

security evtx csv
drop evtx csv
or click

4672 · 4648 · 4624 — evtxecmd / chainsaw security export

drop security evtx csv (4672, 4648, 4624)
ready