Investigating a Network Compromise

In this lab, you will be exposed to a system that has been compromised by an attacker and learn to look for the signs of compromise, including malicious processes and unauthorized network connections. As the number of network attacks against companies and organizations continues to increase, it is paramount that you understand what the indicators of compromise are and how to find them on a system that has been reported as acting suspiciously.

Overview

A network compromise occurs when your system is attacked and the attacker gains a foothold on the operating system, performing actions such as installing back doors, modifying the file system, and creating log file entries. It is critical that you know what the indicators of a network compromise are and how to respond to one.

OUTCOMES

In this lab, you will learn to:

  1. Collect Volatile Data 
  2. Capture and Analyze RAM 
  3. Examine Scheduled Tasks 
  4. Examine File System Artifacts 
  5. Examine Services 

Key terms and descriptions

Task Scheduler
This allows an administrator to schedule programs to run automatically on the system.
tasklist
A built-in Windows tool that will show you running processes.
msconfig
A built-in Windows tool that allows you to view the System Configuration.
find
A Windows command that allows you to parse through output in the command line.
dumpit
A free stand-alone executable that can make an image of RAM.
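As an added example (not part of the original lab materials), the following PowerShell script collects the volatile data listed in the outcomes above using the built-in tools defined under key terms, and ties each established network connection back to the process that owns it. The output folder name is an assumption, and RAM capture with DumpIt is left as a separate manual step.

```powershell
# Volatile-data triage (added example). Run from an elevated PowerShell prompt
# on the suspect host; raw tool output is saved before anything is interpreted.
$out = Join-Path $env:USERPROFILE ("triage_" + (Get-Date -Format 'yyyyMMdd_HHmmss'))
New-Item -ItemType Directory -Path $out | Out-Null

# 1. Running processes, with the service names hosted by each (svchost etc.)
tasklist /svc /fo csv | Out-File "$out\tasklist_svc.csv"

# 2. Network connections with owning PID (raw copy first, then correlate)
netstat -ano | Out-File "$out\netstat_ano.txt"
$procs = Get-Process | ForEach-Object {
    [pscustomobject]@{ PID = $_.Id; Name = $_.ProcessName; Path = $_.Path }
}
$conns = netstat -ano | Select-String 'ESTABLISHED' | ForEach-Object {
    # netstat columns: Proto  Local  Remote  State  PID
    $f = ($_.Line -split '\s+') | Where-Object { $_ }
    [pscustomobject]@{ Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $f[3]; PID = [int]$f[4] }
}
# Join each connection to its process so an unexpected remote peer can be
# traced to the binary (and its on-disk path) that opened it
$joined = foreach ($c in $conns) {
    $p = $procs | Where-Object { $_.PID -eq $c.PID }
    [pscustomobject]@{ PID = $c.PID; Process = $p.Name; Path = $p.Path; Remote = $c.Remote; Proto = $c.Proto }
}
$joined | Export-Csv "$out\connections_by_process.csv" -NoTypeInformation

# 3. Scheduled tasks (a common persistence location), verbose CSV
schtasks /query /fo csv /v | Out-File "$out\schtasks.csv"

# 4. Services: note sc.exe is spelled out because 'sc' is a PowerShell alias
sc.exe query state= all | Out-File "$out\services.txt"

# 5. 'find' as the lab uses it: filter command output for lines of interest,
#    here only sockets in the LISTENING state
cmd /c 'netstat -ano | find "LISTENING"' | Out-File "$out\listening.txt"

Write-Host "Evidence written to $out"
$joined | Sort-Object Remote | Format-Table -AutoSize
```

Processes whose Path is blank were not readable at the current privilege level, which is itself worth noting in the evidence rather than ignoring.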