1
00:00:00,720 --> 00:00:09,360
‫Let's see a Gather module on Windows systems in terms of this module list, the information of the machines

2
00:00:09,360 --> 00:00:12,360
‫that have made remote desktop connections to this machine.

3
00:00:13,170 --> 00:00:19,170
‫If you use this command on a server, you can find the privileged users, such as system admins and

4
00:00:19,170 --> 00:00:20,220
‫database admins.

5
00:00:20,790 --> 00:00:27,300
‫In fact, this module looks at the compromised systems registry and lists the keys and values from the

6
00:00:27,300 --> 00:00:30,450
‫path of each key user's software.

7
00:00:30,480 --> 00:00:32,850
‫Microsoft Terminal Server client.