Windows Breadcrumbs Enterprise
Windows offers many places where attackers commonly look for stored credentials. Trapster supports multiple breadcrumb formats for Windows endpoints.
Generate breadcrumbs from Trapsters → device → Services → Generate breadcrumb on the relevant service row.
Available formats
| Format | Service examples | Guide |
|---|---|---|
| FileZilla profile | FTP | FileZilla |
| PuTTY profile | SSH | PuTTY |
| WinSCP profile | FTP | WinSCP |
| HTTP shortcut | HTTP | HTTP shortcut |
| HTTPS shortcut | HTTPS | HTTPS shortcut |
| PowerShell history | SSH, FTP, HTTP, HTTPS, SMB, MySQL, PostgreSQL, MSSQL, RDP, Telnet, Rsync | PowerShell history |
| RDP profile | RDP | RDP shortcut |
| PowerShell script (.ps1) | Most services | PowerShell script |
| PowerShell SSH script | SSH | PowerShell SSH script |
SMB share breadcrumbs (Windows SMB shortcut, PowerShell SMB script) are documented under Network shares.
Related
- Breadcrumbs overview
- Credential breadcrumbs: How unique identifiers trace attacker origin
