Tips-Of-Mine/PowerHuntShares
Tips-Of-Mine/PowerHuntShares
2
0
Fork 0
mirror of https://github.com/NetSPI/PowerHuntShares.git synced 2025-05-05 03:38:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Scott Sutherland 2022-04-05 21:40:37 -05:00 committed by GitHub
parent 9df658d87d
commit 43e834e03a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -194,7 +194,8 @@ Primary Todo
* pull spns and computer description/spn account descriptions to help identify owner/business unit * pull spns and computer description/spn account descriptions to help identify owner/business unit
**Questions** **Questions**
* under what conditions are Creation time, "LastAccessTime" and "LastWriteTime" set? CreationTime is the time that the file was created on a disk partition; Windows doesn't keep track of the last access times for directories since win7?;In general adding, renaming or deleting a file or folder will change both LastAccessTime and LastWriteTime.;last accessed timestamp is static unless the feature is enabled; fsutil behavior set disablelastaccess 0 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate);Registry - default disabled setting: dword:80000003 * under what conditions are Creation time, "LastAccessTime" and "LastWriteTime" set? CreationTime is the time that the file was created on a disk partition; Windows doesn't keep track of the last access times for directories since win7?;In general adding, renaming or deleting a file or folder will change both LastAccessTime and LastWriteTime.;last accessed timestamp is static unless the feature is enabled; fsutil behavior set disablelastaccess 0 (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate);Registry - default disabled setting: dword:80000003;However, if you move a file to a different partition/disk on your computer, the CreationTime will be updated, but because the content hasn't changed, the LastWriteTime won't be.
So you end up in a situation where your CreationTime is later than your LastWriteTime.
* what does share owner mean when system, vs trustedinstaller vs administrators vs network service - what can we infer that would be meaningful * what does share owner mean when system, vs trustedinstaller vs administrators vs network service - what can we infer that would be meaningful
* what are some of the most common shares, can we automat profile them and highlight "known" application shars in the data insights? * what are some of the most common shares, can we automat profile them and highlight "known" application shars in the data insights?
* can we predict file path with enough collect data to analyze? * can we predict file path with enough collect data to analyze?