bird.makeup

My new blog post 🥳 Improving AFD Socket Visibility for Windows Forensics & Troubleshooting It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥 https://www.huntandhackett.com/blog/improving_afd_socket_visibility
See Tweet

Service load: Currently crawling 1000 users per hour
Source Code Support us on Patreon