Webinars

Living off the land: Investigating attacks that leave no malware behind

Modern attackers increasingly rely on tools already present on the systems they compromise — PowerShell, WMI, scheduled tasks, RDP, and other built-in utilities that blend into normal administrative activity. This episode works through the LOLBin problem in three layers: the detection foundation (baselining tool usage and building appropriately scoped alerts), filtering legitimate from malicious usage by parent process, argument structure, and behavioral context, and the forensic reconstruction — the host artifacts that survive when SIEM telemetry is gone. Covers PowerShell ScriptBlock logs, WMI event subscriptions, scheduled task XML definitions, Shimcache, Amcache, prefetch, and RDP/SMB lateral movement artifacts, with Magnet Axiom Cyber for endpoint artifact analysis and Magnet Nexus for enterprise-wide scoping.

After viewing this webinar, you can download a certificate of completion from the event console.
Doug Metz
Senior Security Forensics Specialist, Magnet Forensics
Jeff Rutherford
Forensics Consultant, Magnet Forensics
DURATION
45 Mins.

Register Now

Share

Related Resources

Jul 15
Upcoming Webinars

Upcoming Webinars

Digital evidence in the courtroom: Faster, defensible digital review

Digital evidence can be a crucial element to successfully prosecuting a case — and reviewing that evidence shouldn’t slow down your progress.   In this session, see how you can utilize a no-license and user-friendly way to quickly find, review, and prepare significant evidence so you can move cases forward faster and present it with confidence in court.   In this session, you’ll learn how to:   Load and review a Portable Case with ease Navigate and search mobile evidence to find what matters faster Filter and tag key evidence for case building Export exhibits and prepare evidence for court Streamline review workflows, including cloud-based access

ai-de , cloud-de , computer , media , mobile-de

Learn More & Register

Jul 29
Upcoming Webinars

Upcoming Webinars

Ask Me Anything: Accelerating incident response with digital forensics at scale

Whether it's ransomware, business email compromise, data exfiltration, or an insider threat, today's DFIR teams work across distributed endpoints, cloud workloads, and remote workforces, often with limited visibility.

corporate

Learn More & Register

On Demand Webinars

On Demand Webinars

Magnet Review: Ensuring secure cloud-based investigations

Fresh off a recently completed Information Security Registered Assessors Program (IRAP) assessment, Magnet Review is now evaluated against the Australian Government’s Information Security Manual (ISM) at the “PROTECTED” classification level.

cloud , magnet-one , magnet-review

Learn More & Register

Resource Center Home

Subscribe today to hear directly from Magnet Forensics on the latest product updates, industry trends, and company news.

Start modernizing your digital investigations today.

Top