The actor using tools like net , ipconfig , or ADFind to map the network.
Often identifies the team or the metric being tested. Teams like eSentire's TTR unit focus on rapid detection and remediation of active threats like Matanbuchus or Ransomware. TTR - TheDenOfTheVicious.zip
Snapshots of a compromised system's RAM to find "fileless" malware or cached credentials. The actor using tools like net , ipconfig
Windows Security, System, or Application logs (.evtx) that track unauthorized logins or process executions. The actor using tools like net