A really nasty feeling
-
So I came in this morning and found my browser open at the router admin screen, someone has remote access to my machine me thinks. I'm on win 10 using MS defender which reports no issues, a dynamic IP so how would I go about finding how the machine was accessed?
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
-
So I came in this morning and found my browser open at the router admin screen, someone has remote access to my machine me thinks. I'm on win 10 using MS defender which reports no issues, a dynamic IP so how would I go about finding how the machine was accessed?
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
Ive always wondered about this too...how can you know what happened after the fact? I’m wondering if there is anything in Windows event logs if you look closely? There probably isn’t anything but maybe you could see access to network drives or apps that ran. I’m not sure. Good luck and I hope you find some clues. Let us know if you do I’m very interested.
-
So I came in this morning and found my browser open at the router admin screen, someone has remote access to my machine me thinks. I'm on win 10 using MS defender which reports no issues, a dynamic IP so how would I go about finding how the machine was accessed?
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
-
So I came in this morning and found my browser open at the router admin screen, someone has remote access to my machine me thinks. I'm on win 10 using MS defender which reports no issues, a dynamic IP so how would I go about finding how the machine was accessed?
Never underestimate the power of human stupidity - RAH I'm old. I know stuff - JSOP
If an attacker has had control of your computer, it's no longer your computer. Boot a *nix live image to back up data if needed, and then delete your partitions and reinstall the OS from scratch.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason? Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful? --Zachris Topelius Training a telescope on one’s own belly button will only reveal lint. You like that? You go right on staring at it. I prefer looking at galaxies. -- Sarah Hoyt
-
Ive always wondered about this too...how can you know what happened after the fact? I’m wondering if there is anything in Windows event logs if you look closely? There probably isn’t anything but maybe you could see access to network drives or apps that ran. I’m not sure. Good luck and I hope you find some clues. Let us know if you do I’m very interested.
In the event logs look for a login/logout record. Just a quick StartPage search pulled up this link and it looks interesting. So without further delay: windows-rdp-related-event-logs-identification-tracking-and-investigation[^]
Jack of all trades, master of none, though often times better than master of one.
