bird.makeup

My new blog post 🥳 Improving AFD Socket Visibility for Windows Forensics & Troubleshooting

It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥

https://www.huntandhackett.com/blog/improving_afd_socket_visibility