@duanegran I have open SOC incident reports based on what I've seen people do on calls. Things like opening OneNote to see a list of every service account and their passwords for an application. The app team was not happy that had to rotate every single one.

@duanegran I always judge people who get on calls with Security (especially vendors) with "Restart Browser to Update" or somesuch message as they present their decks. Also anybody who shares their ENTIRE desktop, not just the window they need to share.