INCIBE-CERT

The Initial Access tactic is one of the 12 tactics that make up the matrix developed by MITRE for industrial environments (for more information on the matrix, feel free to consult the article ICS Matrix, the State of v11). Within this tactic, different techniques used by attackers with the aim of gaining unauthorized access to an industrial environment are shown. This is often the first target of external attackers, as access to the ICS's internal environment allows internal computers to be recognized and exploited, move around the network, gain elevated privileges, or steal sensitive information. Therefore, it is important to know this tactic in order to defend our systems

In the digital forensic analysis of Windows systems, artefacts such as event logs, prefetch files, LNK files or the Windows Registry are essential for the investigation of cyber incidents. These artefacts are characterised by the storage of detailed information about system and user activities, allowing the identification of malicious actions, the tracking of attackers' movements and the reconstruction of timelines of critical events. Thanks to these, attack techniques such as command execution, persistence and evasion of system defences can be detected. Knowledge about the collection and analysis of these artefacts ensures accurate and efficient analysis. Therefore, contextualising the relevance of these artefacts helps cybersecurity professionals to strengthen their detection and response capabilities, thus ensuring the integrity of collected evidence and improving the effectiveness of digital forensic investigations.

Nmap (Network Mapper) is a widely recognized tool in the field of computer security and network administration. Its popularity lies in its ability to map networks and detect active services on connected devices. Since its inception in 1997, by Gordon Lyon, Nmap has been one of the most trusted tools for performing security analysis, identifying open ports, and services available on remote hosts. Over the years, the tool has evolved and adapted to the growing demands of the cybersecurity field.