#shownotes for @gamesatwork_biz #podcast e409 are done, and publication set for tomorrow on https://www.gamesatwork.biz and all your favorite podcast feeds! Topics this week include Spotify’s #WonkaVision #metaverse #AI #GPT #MrsDavis #MicrosoftMesh #SL20B #DiabloIV and more!

🦖Day 92 (THE LAST DAY!) of the @velocidex #velociraptor #ArtifactsOfAutumn series

Artifact: Exchange.Windows.EventLogs.WonkaVision

Link: https://docs.velociraptor.app/exchange/artifacts/pages/windows.eventlogs.wonkavision

----

WonkaVision is a proof of concept (POC) tool to analyze Kerberos tickets and attempt to determine if they are forged (ex. #GoldenTicket), created by @exploitph and @4ndr3w6S.

https://github.com/0xe7/WonkaVision

Presentation:
https://github.com/0xe7/Talks/blob/main/Andrew_Charlie_SANS_Hackfest_2022_revised.pdf

----

This artifact can run WonkaVision, then collect its generated Windows event logs. From the event logs, we can detect potentially forged Kerberos tickets.

----

This concludes the #ArtifactsOfAutumn. Hope you enjoyed it, and thanks for all of the support!

#DFIR
#Forensics
#GoldenTicket
#infosec
#ThreatHunting
#WonkaVision


I’m late to Andor but did anyone else think this? #andor #wonkavision