CTF Writeup | medium
WorkFromHome
Windows workstation DFIR investigation tracing an intrusion from phishing through RDP access, SeManageVolumePrivilege exploitation, dual DLL search order hijacking (PrintConfig.dll and tzres.dll), LOLBIN certutil abuse, VBScript persistence, and wallpaper defacement, using browser artifacts, the USN Journal, event logs, and the Defender MPLog.