Learn about incident detection techniques in Operational Technology (OT) environments through this conference talk from BSides Budapest 2024. Discover practical approaches for identifying attacker traces in heterogeneous Windows environments where traditional security tools like EDR solutions cannot be deployed. Explore batch scripting techniques that leverage standard Windows binaries in innovative ways, ensuring compatibility across Windows versions from XP to 11. Gain insights from real-world cyber incident response experiences specifically tailored for SCADA/HMI devices and OT Ethernet networks where CPU load restrictions and limited PowerShell access present unique challenges.