Hello, I’ve been trying to go through the questions here and I just can’t figure them out. I went through all the modules prior quite easily and haven’t been able to figure out the first question even for the “C:\Logs\DLLHijack” question. I know to filter events by ID 7 but from there I’m struggling on what to do, I’ve been trying to manually go through the logs but it’s been very time consuming. Any tricks or tips would be greatly appreciated. Thank You!!

Did you end up figuring this out? I’m having the same issue.

did you find out? i am stuck there

Hi Tharris,

Try to use Get-WinEvent command explained in the course to be able to givethe path and filter ID and filter with Where-Object to find Image locations which are not normal (Sorry, according to the rules not to spoil the task here, I can’t be more specific, but you will get it).

DONT FORGET TO LIKE :slight_smile: