https://docs.google.com/presentation/d/1J5XihEfOf_CuSNYa06dUCjPBP9UI87jqaTDRx1Q9ffQ/edit#slide=id.g2588dab0f0d_0_677
Defense in Depth
You can audit Windows events in Event Viewer.
reg query HKLM\SOFTWARE >> c:\temp\soft_list.txt
#This command saves the output of reg query HKLM\SOFTWARE to the text file.
#The command lists the subkeys of HKLM\SOFTWARE, which gives a list of the software installed in Windows.
#Next, split each line of the text file on \ and keep the last part (token) to see and check which programs are installed. Use Python. UNDONE
Windows Event ID Encyclopaedia: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx
or just Google it.
How to view a specific event log in the console, and so on. A fellow group member shared this. UNDONE: https://t.me/c/1510392440/1070
Reg query execution using python and redirect to a file_Team Charlie_Follow up meeting recording: https://t.me/c/1510392440/1071
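
An added example (not from these notes or the linked recording) covering both the reg query redirect and the UNDONE parsing step: it runs the query from Python, writes it to the same file, and keeps the last backslash-separated token of each subkey line. The function names and the sample output are assumptions made for illustration; it also goes one step further than the notes by handling the UTF-16 file that Windows PowerShell 5.1 produces when it redirects with >>.

```python
import subprocess
import sys
from pathlib import Path

ROOT = r"HKLM\SOFTWARE"                      # key queried in the notes
OUT_FILE = Path(r"c:\temp\soft_list.txt")    # output file used in the notes

# Constructed sample of `reg query HKLM\SOFTWARE` output (not from a real host).
SAMPLE = (
    "\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\r\n"
    "    (Default)    REG_SZ    \r\n"
    "\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\7-Zip\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\r\n"
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\r\n"
)

def decode_dump(raw: bytes) -> str:
    """cmd.exe redirects as single-byte text; Windows PowerShell 5.1 writes UTF-16 with a BOM."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")  # key names are normally ASCII

def last_tokens(text: str) -> list[str]:
    """Return the last backslash-separated token of every subkey line, sorted and de-duplicated."""
    names = set()
    for line in text.splitlines():
        if not line.startswith("HKEY_"):
            continue  # blank lines and indented value lines such as "(Default)  REG_SZ"
        parts = line.strip().rstrip("\\").split("\\")
        if len(parts) > 2:  # skip the queried key itself (HKEY_LOCAL_MACHINE\SOFTWARE)
            names.add(parts[-1])
    return sorted(names, key=str.lower)

def dump_registry(root: str = ROOT, out_file: Path = OUT_FILE) -> None:
    """Windows only: run reg query and redirect its output to out_file."""
    out_file.parent.mkdir(parents=True, exist_ok=True)
    with out_file.open("wb") as fh:  # overwrites instead of appending, so reruns do not duplicate lines
        subprocess.run(["reg", "query", root], stdout=fh, check=True)

if __name__ == "__main__":
    if sys.platform == "win32":
        dump_registry()
        text = decode_dump(OUT_FILE.read_bytes())
    else:
        text = SAMPLE  # fall back to the constructed sample off Windows
    print("\n".join(last_tokens(text)))
```

Saving the resulting list on a known-good machine and comparing later runs against it shows which software keys have appeared or disappeared.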