Exploring RMM Tools and Their Forensics

Presented at CactusCon 12 (2024), Feb. 17, 2024, 10:30 a.m. (30 minutes).

How do you prove (or disprove) activities on any of the dozens of RMM choices? Google loves recommending articles which can be years old, and may contain incorrect information. So I wasted a bunch of time figuring out what I could about popular RMM tools relating to forensics. This is a short talk going through IR stories, forensic issues I've ran into, and (potentially) fun facts.

Presenters:

• Kyle Nordby - DFIR Enthusiast
  Kyle Nordby is an information security professional that has years of experience. With multiple GIAC certifications, he is currently working on his Master's with an IR focus. His work ranges in threat hunting, IR, SOC operations, detection engineering, and research. He is survived by his two cats, Lina and Jupiter.

Links:

• https://cactuscon-12.sessionize.com/session/556830

Similar Presentations:

• DEF CON 18 (2010) / Sniper Forensics - One Shot, One Kill