Open Reg1nleifr opened 1 month ago
Hi, it's old and I lost my notes, and the only way to flag this that I can recall so far is by checking evtx logging, unfortunately.
Another way I can think of could be checking if these APIs are misbehaving oddly compared to regular usage, like checking the parameter values provided.
For the rest, a debugger and DFIR tools are your only friends.
I'm currently trying to figure out how to detect this kind of behavior. However, the tweet is sadly not available anymore! Does anyone have a copy or hints for detecting this kind of behavior?