Uploaded byRoNTertainmentTV
PPTX, PDF13 views

Identifying IOC in Windows with Security.pptx

IOC Windows

Embed presentation

Download to read offline
SEC 815 Digital Forensic and Incident Response Identifying Indicator of Compromise (IOC) on Windows
• Program is simply an executable • Process • Process ID • Memory space • Executable program • Handles • File descriptors in dd • Security context • Threads Process vs. Program (App)
• A process is a program in execution • A thread is a lightweight process • A thread is usually part of a process • Inter-Process Communication • Communication between 2 applications • Intra-Process Communication • Communication between 2 open threads (e.g. tabs) Process vs. Thread
• User mode • Privileged mode • Kernel mode (Windows) • Root mode (Linux) • Hypervisor mode – only in a virtual machine (VM) setting Process Modes: User vs. Kernel
User Mode Kernel/Root Mode • Restricted hardware access • Dedicated memory address space • Need permission to change access privilege • No hardware access restriction • Single address space • Access privilege change does not require any permission
High-Level View of Windows Processes
Windows Tools • SysInternals Suite: TCPView and Process Explorer Linux Tools • Netstat –nlap • ps –ef • ps aux • strings <Hendra.jpg> Finding Malware with Process Explorer & TCP View
Install SysInternals Suite, a Microsoft set of tools Experiment with TCPView and Process Explorer Rerefence: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite Homework & Preparation for the Upcoming Lab

More Related Content

PPT
Chapter 02
byDolly Bhateja
 
PPT
Chapter 02
bym25farid
 
PPT
Chapter02
byDownloadssu Fullmaza
 
DOCX
My first Operating System Presentation
byRida Bilgrami
 
PDF
Windows internals Essentials
byJohn Ombagi
 
PDF
Fighting Malware Without Antivirus
byEnergySec
 
PPT
the windows opereting system
byЮсуф Сатторов
 
PPT
Earhart
bysiam hossain
 
Chapter 02
byDolly Bhateja
 
Chapter 02
bym25farid
 
Chapter02
byDownloadssu Fullmaza
 
My first Operating System Presentation
byRida Bilgrami
 
Windows internals Essentials
byJohn Ombagi
 
Fighting Malware Without Antivirus
byEnergySec
 
the windows opereting system
byЮсуф Сатторов
 
Earhart
bysiam hossain
 

Similar to Identifying IOC in Windows with Security.pptx

PPTX
05-introduction-to-operating-systems.pptx
bypepecompany1
 
PDF
openioc_scan - IOC scanner for memory forensics
byTakahiro Haruyama
 
PDF
Analysis Of Process Structure In Windows Operating System
byDarian Pruitt
 
PDF
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
PDF
The linux kernel hidden inside windows 10
bymark-smith
 
PPT
The evolution of an operating system.ppt
bykrishnakrishkrish100
 
PPT
EVO of OS is explained here with proper examples
bymahaesevakendra1
 
PPT
2337610
byhantfhan
 
PDF
Process management
byMohd Arif
 
PPTX
ADBB_204_Operating_System_10_09_2024[1].pptx
byahirangad66
 
PPTX
Difference Program vs Process vs Thread
byjeetendra mandal
 
PPT
Ch1
byrupalidhir
 
PPTX
Case study operating systems
byAkhil Bevara
 
PDF
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
byTakahiro Haruyama
 
PDF
unit 2 confinement techniques.pdf
byRohitGautam261127
 
PDF
CNIT 126: 8: Debugging
bySam Bowne
 
PPT
Understandingiis 120715123909-phpapp01
byarunparmar
 
PPTX
Advanced Windows Debugging
byBala Subra
 
PPTX
CH08-COA10e.pptx
byUzairShah46
 
PDF
Windows Kernel Debugging
byThomas Roccia
 
05-introduction-to-operating-systems.pptx
bypepecompany1
 
openioc_scan - IOC scanner for memory forensics
byTakahiro Haruyama
 
Analysis Of Process Structure In Windows Operating System
byDarian Pruitt
 
Would you Rather Have Telemetry into 2 Attacks or 20? An Insight Into Highly ...
byMITRE ATT&CK
 
The linux kernel hidden inside windows 10
bymark-smith
 
The evolution of an operating system.ppt
bykrishnakrishkrish100
 
EVO of OS is explained here with proper examples
bymahaesevakendra1
 
2337610
byhantfhan
 
Process management
byMohd Arif
 
ADBB_204_Operating_System_10_09_2024[1].pptx
byahirangad66
 
Difference Program vs Process vs Thread
byjeetendra mandal
 
Ch1
byrupalidhir
 
Case study operating systems
byAkhil Bevara
 
Fast and Generic Malware Triage Using openioc_scan Volatility Plugin
byTakahiro Haruyama
 
unit 2 confinement techniques.pdf
byRohitGautam261127
 
CNIT 126: 8: Debugging
bySam Bowne
 
Understandingiis 120715123909-phpapp01
byarunparmar
 
Advanced Windows Debugging
byBala Subra
 
CH08-COA10e.pptx
byUzairShah46
 
Windows Kernel Debugging
byThomas Roccia
 

More from RoNTertainmentTV

PPT
Overview Of Canadas Immigration Policy.ppt
byRoNTertainmentTV
 
PDF
Pirate-life-for-me in a day powerpoint.pdf
byRoNTertainmentTV
 
PPTX
Course 101 - Password Recovery in Forensic.pptx
byRoNTertainmentTV
 
PPTX
Python-Chapter 08 in a Python Programming Course.pptx
byRoNTertainmentTV
 
PPTX
Cloud Security Concept in Security .pptx
byRoNTertainmentTV
 
PPTX
File Carving of a Data security Management
byRoNTertainmentTV
 
PPTX
A zero Trust Protect Surface Mapping for a Website
byRoNTertainmentTV
 
PPTX
EARLY-REGISTRATION-TARPAPEL.pptx
byRoNTertainmentTV
 
PPTX
Lesson4.1.pptx
byRoNTertainmentTV
 
PPTX
Lesson2.pptx
byRoNTertainmentTV
 
PPTX
Lesson1.pptx
byRoNTertainmentTV
 
DOCX
MEDIA LITERACY-DLL 4.docx
byRoNTertainmentTV
 
DOCX
2.-MEDIA-DLL copy.docx
byRoNTertainmentTV
 
DOCX
1.-MEDIA-DLL week1.docx
byRoNTertainmentTV
 
DOCX
Daily Lesson Log in MIL Week 5.docx
byRoNTertainmentTV
 
DOCX
Daily Lesson Log in MIL.docx
byRoNTertainmentTV
 
PPTX
Workplace Emergency Categories.pptx
byRoNTertainmentTV
 
PPTX
Use of Personal Protective Equipment (PPE).pptx
byRoNTertainmentTV
 
PPTX
Examples of TYpes of Hazards.pptx
byRoNTertainmentTV
 
PPTX
CLASSIFICATION OF MARKET STRUCTURES.pptx
byRoNTertainmentTV
 
Overview Of Canadas Immigration Policy.ppt
byRoNTertainmentTV
 
Pirate-life-for-me in a day powerpoint.pdf
byRoNTertainmentTV
 
Course 101 - Password Recovery in Forensic.pptx
byRoNTertainmentTV
 
Python-Chapter 08 in a Python Programming Course.pptx
byRoNTertainmentTV
 
Cloud Security Concept in Security .pptx
byRoNTertainmentTV
 
File Carving of a Data security Management
byRoNTertainmentTV
 
A zero Trust Protect Surface Mapping for a Website
byRoNTertainmentTV
 
EARLY-REGISTRATION-TARPAPEL.pptx
byRoNTertainmentTV
 
Lesson4.1.pptx
byRoNTertainmentTV
 
Lesson2.pptx
byRoNTertainmentTV
 
Lesson1.pptx
byRoNTertainmentTV
 
MEDIA LITERACY-DLL 4.docx
byRoNTertainmentTV
 
2.-MEDIA-DLL copy.docx
byRoNTertainmentTV
 
1.-MEDIA-DLL week1.docx
byRoNTertainmentTV
 
Daily Lesson Log in MIL Week 5.docx
byRoNTertainmentTV
 
Daily Lesson Log in MIL.docx
byRoNTertainmentTV
 
Workplace Emergency Categories.pptx
byRoNTertainmentTV
 
Use of Personal Protective Equipment (PPE).pptx
byRoNTertainmentTV
 
Examples of TYpes of Hazards.pptx
byRoNTertainmentTV
 
CLASSIFICATION OF MARKET STRUCTURES.pptx
byRoNTertainmentTV
 

Recently uploaded

PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PDF
"September 1, 1939": A Modern Reading of Auden in Times of Crisis
byKruti Vyas
 
PPTX
How to Set Recurring Tasks in Odoo Projects
byCeline George
 
PDF
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
PPTX
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
PDF
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PPTX
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
PPTX
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PPTX
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
PDF
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
PDF
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
PPT
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
PPTX
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
PPTX
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
PDF
A Study of W. H. Auden’s September 1, 1939
bypriyarathod315
 
PDF
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
PPTX
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
"September 1, 1939": A Modern Reading of Auden in Times of Crisis
byKruti Vyas
 
How to Set Recurring Tasks in Odoo Projects
byCeline George
 
Art, Memory, and Modernity: A Study of W. H. Auden’s In Memory of W. B. Yeats
bypriyarathod315
 
S.Y. B. Pharm Medicinal Chemistry I Unit-I
byMs. Ashatai Patil
 
Biological source, chemical constituents, and therapeutic efficacy of the fol...
bySai Meer College of Pharmacy
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
WEEK 2 (2).pptx TLE COOKERY 10 QUARTER 4
byResynFayeCortez2
 
Overview of How to set priority in Odoo 19 Todo
byCeline George
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
Greengnorance Toolkit Module 3 Shopping and Food
byKarl Donert
 
Intellectual Property Rights I Types (IPR)
byAmit Gangwal
 
Conservation of Earthen Structures in India Preserving Traditional and Sustai...
byAman Kumar Singh
 
Card repertory , Boger card , Kishore card
byDr Dhwanika Dhagat
 
Types of counselling Directive, Non Directive, Eclectic Counselling
byPriya Sush
 
Greengnorance Toolkit Module 5 Waste Management
byKarl Donert
 
A Study of W. H. Auden’s September 1, 1939
bypriyarathod315
 
PHARMACOLOGY 1 ( BP 404 T) Unit 1 (Cology 1)
byChetan Mali
 
How to perform product search based on a custom field from the Website Shop p...
byCeline George
 

Identifying IOC in Windows with Security.pptx

  • 1.
    SEC 815 DigitalForensic and Incident Response Identifying Indicator of Compromise (IOC) on Windows
  • 2.
    • Program issimply an executable • Process • Process ID • Memory space • Executable program • Handles • File descriptors in dd • Security context • Threads Process vs. Program (App)
  • 3.
    • A processis a program in execution • A thread is a lightweight process • A thread is usually part of a process • Inter-Process Communication • Communication between 2 applications • Intra-Process Communication • Communication between 2 open threads (e.g. tabs) Process vs. Thread
  • 4.
    • User mode •Privileged mode • Kernel mode (Windows) • Root mode (Linux) • Hypervisor mode – only in a virtual machine (VM) setting Process Modes: User vs. Kernel
  • 5.
    User Mode Kernel/Root Mode •Restricted hardware access • Dedicated memory address space • Need permission to change access privilege • No hardware access restriction • Single address space • Access privilege change does not require any permission
  • 6.
    High-Level View ofWindows Processes
  • 7.
    Windows Tools • SysInternalsSuite: TCPView and Process Explorer Linux Tools • Netstat –nlap • ps –ef • ps aux • strings <Hendra.jpg> Finding Malware with Process Explorer & TCP View
  • 8.
    Install SysInternals Suite,a Microsoft set of tools Experiment with TCPView and Process Explorer Rerefence: https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite Homework & Preparation for the Upcoming Lab