Windows Core Processes | Threat Hunting & Cybersecurity | Process Explorer

Published: 01 January 1970
on channel: Cyber Gray Matter

Hey everyone! Today's video is on common Windows processes. Have you ever opened up Task Manager and wondered if a .exe or other process was actually malware running on your system? Well, the best place to start is by learning some of the basic Windows processes and what the normal baseline should look like. We'll be talking about Process Explorer (an advanced system utility) and some of the ways to spot how threat actors might hide their malware in plain sight! As a SOC analyst, you'll be alerted to events involving these processes, and you can use your skills to determine whether they're benign or an indicator of an attack.

Twitter -   / cybergraymattir  

00:00 Intro
00:26 What is a Windows Process?
01:04 Common Indicators
02:45 System
03:18 smss.exe
03:55 wininit.exe
04:14 runtimebroker.exe
04:46 taskhostw.exe
05:17 winlogon.exe
06:05 csrss.exe
06:51 services.exe
07:17 svchost.exe
08:03 lsass.exe
08:37 lsaiso.exe
09:28 explorer.exe
10:06 Outro

Download Sysinternals Process Explorer: https://learn.microsoft.com/en-us/sys...

Links:
  / windows-threat-hunting-processes-of-interest  
https://www.socinvestigation.com/hunt...
https://www.sans.org/posters/hunt-evil/
https://www.cybersecurity-insiders.co...

Video Assets:
All video assets are licensed through a subscription to Envato Elements for this specific project. https://elements.envato.com/

