In this blog, we explore how detect and investigate file transfer activities, including FTP uploads/downloads, Impacket SMB interactions, and LOLBin abuse with focus on MDE telemetry.