To get the most out of this book
- We assume that the readers of this book know the basic information security concepts and are familiar with Windows and Linux operating systems.
- Some of the demonstrations from this book can also be done in a lab environment; therefore, we recommend that you have a virtual lab with the following VMs: Windows Server 2012, Windows 10, and Kali Linux.
Download the color images
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://static.packt-cdn.com/downloads/9781838827793_ColorImages.pdf.
Conventions used
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. For example: "You can use the agent.exe -h command to get help about the possible command options."
A block of code is set as follows:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing.
Event ID: 4688
Task Category: Process Creation
Any command-line input or output is written as follows:
Invoke-WebRequest -Uri "https://github.com/gentilkiwi/mimikatz/releases/download/2.1.1-20170813/mimikatz_trunk.zip" -OutFile "C:\temp\mimikatz_trunk.zip"
Bold: Indicates a new term, an important word, or words that you see on the screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "In an incident response process, the roles and responsibilities are critical. Without the proper level of authority, the entire process is at risk."
Warnings or important notes appear like this.
Tips and tricks appear like this.