Tools
Event Viewer
This is a built-in tool for monitoring the local system. Exploring and becoming familiar with this tool is crucial to understanding an attack on the system.
For a gentle introduction follow along with:
Event Viewer Walkthrough
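The Event Viewer GUI is the place to browse, but the same Security log can be queried from PowerShell once you know what you are looking for. The script below is an added example (not part of the original page): it pulls failed logon events (Event ID 4625) from the last 24 hours, reads each event's named fields from its XML rather than relying on property positions, and groups the failures by target account and source address so a password-guessing burst stands out. It assumes an elevated PowerShell session on the host being examined; the 10-failure threshold is an arbitrary choice for illustration.

```powershell
# Added example: summarize failed logons (Security log, Event ID 4625) over the last 24 hours.
# Assumes an elevated PowerShell session on the local host (the Security log needs admin rights).
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read the EventData fields by name from the event XML, which is more robust
    # than indexing $e.Properties by position.
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = $d['TargetUserName']
        Domain    = $d['TargetDomainName']
        LogonType = $d['LogonType']      # 3 = network, 10 = RDP, 2 = interactive, ...
        Source    = $d['IpAddress']
        Status    = $d['Status']         # 0xC000006D = bad user name or password
    }
}

# Group by account and source address; the most frequent pairs are the ones to look at first.
$summary = $rows | Group-Object Account, Source | Sort-Object Count -Descending |
           Select-Object Count, Name, @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time)[-1].Time } }
$summary | Format-Table -AutoSize

# Flag any account/source pair with 10 or more failures (threshold chosen for illustration).
$summary | Where-Object Count -ge 10 | ForEach-Object {
    Write-Warning ("Possible password guessing: {0} failures for {1} (last at {2})" -f $_.Count, $_.Name, $_.LastSeen)
}
```

If no rows come back at all, check that the "Audit Logon" failure category is enabled in the local or domain audit policy; Event Viewer can only show what the system has been told to record.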
Autoruns
This tool displays which programs are configured to run at boot. It can be very useful for detecting malicious scripts as well as for minimizing attack surface.
Familiarity with this tool, along with knowledge of which startup scripts the machine actually needs, can be crucial.
Check out this video for a guided approach:
Advanced autoruns tutorial
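Knowing which startup entries a machine needs is much easier when you have a known-good baseline to compare against. The script below is an added example (not part of the original page or the Sysinternals documentation): it uses autorunsc, the command-line version of Autoruns, to capture every autostart category to CSV, saves the first capture as a baseline, and reports entries that appear in a later capture but not in the baseline. The tool and baseline paths are assumptions, and the column names used for the comparison are those written by current autorunsc builds; check the header row of your own CSV if a column is reported as missing.

```powershell
# Added example: baseline autostart entries with autorunsc and report anything new.
# Assumptions: autorunsc.exe lives at $autorunsc, baseline directory is writable, run elevated.
$autorunsc = 'C:\Tools\autorunsc.exe'                               # assumed path
$baseDir   = 'C:\Baseline'                                          # assumed path
$baseline  = Join-Path $baseDir 'autoruns-baseline.csv'
$current   = Join-Path $baseDir ("autoruns-{0}.csv" -f (Get-Date -Format 'yyyyMMdd-HHmm'))
New-Item -ItemType Directory -Path $baseDir -Force | Out-Null

# -a *  all entry categories   -c  CSV output   -h  file hashes   -s  verify code signatures
# -nobanner / -accepteula keep the run non-interactive and the CSV clean.
& $autorunsc -a * -c -h -s -nobanner -accepteula | Out-File $current
if (-not (Test-Path $baseline)) {
    Copy-Item $current $baseline
    Write-Host "No baseline existed; saved $current as the baseline. Review it by hand before trusting it."
    return
}

$old = Import-Csv $baseline
$new = Import-Csv $current

# Compare on the fields that identify an entry (location, name, image, hash).
# 'Time' is deliberately excluded because it changes on every run.
$added = Compare-Object $old $new -Property 'Entry Location', 'Entry', 'Image Path', 'MD5' |
         Where-Object SideIndicator -eq '=>'

if ($added) {
    Write-Warning ("{0} autostart entries not present in the baseline:" -f $added.Count)
    $added | Select-Object 'Entry Location', 'Entry', 'Image Path' | Format-Table -AutoSize
} else {
    Write-Host "No new autostart entries since the baseline."
}

# Separately, list current entries whose image is not signed by a verified publisher,
# which is the same thing the GUI's "Hide Signed Microsoft Entries" view is designed to surface.
$new | Where-Object { $_.Signer -and $_.Signer -notmatch '^\(Verified\)' } |
       Select-Object 'Entry Location', 'Entry', 'Signer', 'Image Path' | Format-Table -AutoSize
```

Because the comparison includes the MD5 column, an entry whose name and location are unchanged but whose binary has been replaced also shows up as "new", which is exactly the case a simple name-only diff would miss.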
Process Viewer
This tool can be used to monitor all processes and view information about what each process is doing, for example which files it has open.
Follow along with:
Process Viewer Guide
TCP View
This tool provides detailed information about the network communications of the local computer and can be used to monitor for malicious programs attempting to steal data.
For a brief overview:
TCP View overview
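The two preceding tools answer related questions (what is this process doing, and what is it talking to), and the check a responder usually wants combines them. The script below is an added example for both the Process Viewer and TCP View sections (not part of the original page): it lists every listening or established TCP connection together with the owning process, its image path, the account it runs as, and whether the image carries a valid Authenticode signature, so an unexpected listener or an outbound connection from an unsigned binary stands out in one table. It assumes an elevated session (needed for -IncludeUserName) on a Windows build that ships the NetTCPIP module (Windows 8 / Server 2012 and later).

```powershell
# Added example: join TCP connections to their owning processes and signature status.
# Assumes an elevated PowerShell session and the NetTCPIP module (Get-NetTCPConnection).
$procs = @{}
Get-Process -IncludeUserName -ErrorAction SilentlyContinue | ForEach-Object { $procs[$_.Id] = $_ }

# Cache signature checks per image path so each binary is verified only once.
$sigCache = @{}
function Get-SigStatus([string]$path) {
    if (-not $path) { return 'n/a' }
    if (-not $sigCache.ContainsKey($path)) {
        $sigCache[$path] = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
    }
    return $sigCache[$path]
}

$table = Get-NetTCPConnection -State Listen, Established | ForEach-Object {
    $p = $procs[[int]$_.OwningProcess]
    [pscustomobject]@{
        State     = $_.State
        Local     = "{0}:{1}" -f $_.LocalAddress, $_.LocalPort
        Remote    = "{0}:{1}" -f $_.RemoteAddress, $_.RemotePort
        PID       = $_.OwningProcess
        Process   = if ($p) { $p.ProcessName } else { '(unknown)' }
        User      = if ($p) { $p.UserName } else { '' }
        Path      = if ($p) { $p.Path } else { '' }
        Signature = Get-SigStatus ($(if ($p) { $p.Path } else { '' }))
    }
}

$table | Sort-Object State, Process | Format-Table -AutoSize

# Worth a closer look: established outbound connections from images that are not validly signed,
# and listeners bound to all interfaces that do not belong to a known service.
$table | Where-Object { $_.State -eq 'Established' -and $_.Signature -ne 'Valid' } |
         Format-Table State, Remote, Process, User, Path, Signature -AutoSize
$table | Where-Object { $_.State -eq 'Listen' -and $_.Local -like '0.0.0.0:*' } |
         Format-Table Local, Process, User, Path, Signature -AutoSize
```

A PID with no matching process in the table usually means the connection's owner exited between the two queries; re-run the script rather than treating that alone as suspicious. Signature status 'NotSigned' is common for legitimate third-party software, so treat it as a prompt to look at the path and the remote address, not as a verdict.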
AD Password Control & Bulk Password Control
This tool is designed to allow domain-wide account control and includes a random password generator.
For the basic functionality:
Password Control
For bulk control:
Bulk Password Control