Tag
This brief details a detection strategy for processes other than legitimate FileZilla or OneDrive clients attempting to access sensitive FileZilla FTP client configuration files, specifically `recentservers.xml` and `sitemanager.xml`, leveraging Windows Security Event Log 4663 to identify potential credential theft or data exfiltration.