Tag
low
advisory
Windows USN Journal Deletion via Fsutil
2 rules, 1 TTP
Adversaries may delete the volume USN Journal on Windows systems using `fsutil.exe` to eliminate evidence of post-exploitation file activity.
Windows
defense-evasion
fsutil
usn journal
low
advisory
Windows Peripheral Device Discovery via fsutil
2 rules, 1 TTP
Adversaries may use the Windows file system utility, `fsutil.exe`, with the `fsinfo drives` command to enumerate attached peripheral devices and gain information about a compromised system.
Microsoft Defender XDR +1
discovery
windows
fsutil