How to detect what command line spawned a process with no EDR-AV (Windows)
https://www.inversecos.com/2022/10/how-to-investigate-insider-threats.html
https://www.inversecos.com/2022/07/hunting-for-apt-abuse-of-exchange.html
https://www.inversecos.com/2022/05/how-to-perform-clipboard-forensics.html
https://www.inversecos.com/2022/04/defence-evasion-technique-timestomping.html
https://www.inversecos.com/2022/04/malicious-registry-timestamp.html