Windows Endpoint Security: Processes
In this lab, you will leverage windows command line tools to explore process and process execution. This will culminate in using those tools to identify malicious process activity spawned from educational malware.
Terms and conditions apply.
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Exploring Processes with Taskmgr and Tasklist
View running process attributes with task manger, and then dig deeper into some of the detailed process attributes using tasklist. Build skills needed to understand what information is available around processes execution.
WMIC Process Inspection
WMIC provides a different view of process execution, additionally useful attributes for analysis, and the ability to create arbitrary processes at will.
PowerShell Process Inspection
PowerShell provides a way to integrate automation and the use handling of processes as objects that, when coupled with other commands, becomes a powerful tool for anomaly detection. Here you will launch live malware and respond with PowerShell commands to the environment activity.
The Last Challenge
This is the last challenge of this lab, and your last chance to experience the environment before clicking finish lab, ending this small little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
- An interest in cyber security