[nullsense]

Right, I'm with you. I can totally appreciate what even small compromises can open up.

My wife's laptop just got compromised a couple of weeks ago, and I've been diving down the security rabbit hole of figuring out how it happened, what's going on on my network and my computer and phones etc. It has been a rude awakening as to the sheer amount of blind trust I've been placing in all my devices. After watching what network traffic comes and goes on my laptop and how much info gets recorded by the system I've come to the conclusion that modern OSes and browsers that aren't explicitly privacy focuses are basically spyware. My new mindset is 'assume everything is compromised at all times and treat it accordingly'.

[hayst4ck]

Sounds like a lot of fun (actually)!

What OS? I assume Windows? What kind of artifacts have you already discovered?

DNS is a surprisingly fruitful thing to pay attention to.

Some viruses will delete themselves if they detect things like Wireshark or Python are installed.

I believe this is one of the big boy tools, though I haven't used it: https://www.volatilityfoundation.org/about

https://www.varonis.com/blog/how-to-use-volatility looks like a fun exercise.

[nullsense]

I ran OSForensics on the machine last night. It was my first time running a tool like this, and I while I didn't manage to find a smoking gun, I did find some questionable files masquerading as an installer where there were all kinds of different files and file types but they were actually all executables. I wound up deleting those.

What I did discover is that by default Chrome captures and stores every field you submit to every form in a SQLite database. The amount of PII that turned up was absolutely staggering. If I could only exfiltrate one file from a machine, it would be that.

It sort of boggles the mind that that's a thing at all. I don't ever want to touch a browser ever again.