1st 3 Windows IR Commands - BHIS Nuggets | John Strand

4,895 views


Comments:

@thedevinmccarthy - 23.06.2023 19:16

"hot state on state actor action" 😂

@WestCoastDesign - 23.06.2023 19:33

wHaT iF tHe MaLwArE iS uSinG rAw SoCkEtZ

@anthonynowlan9765 - 24.06.2023 05:18

Why is svchost a thing?

@phoneaccount6942 - 24.06.2023 05:56

These nuggets are gold

@GadgetMick - 29.06.2023 22:04

Great video. I'm glad that all those hours spent looking at the output of netstat haven't been wasted 😂

I would love a bit more of an explanation as to why you'd see those 4 DLLs in a lot of application-level backdoors 😊

@joepangit6938 - 03.07.2023 07:44

You taught us this a long time ago in a GCIH class in Vegas. It looks like a lot of the basics don't change so much. Almost every time I teach someone netstat -anob they think I'm some type of wizard :)

@khayla_matthews - 15.07.2023 16:21

Very informative 👍🏾

@alexmags - 16.07.2023 21:23

I like Resource Monitor GUI to see network connections and file access by processes. Perfmon.exe /res

@hptc4400 - 07.09.2023 01:57

1. netstat -naob
2. wmic process where processid=<process id found from previous command> get commandline
3. tasklist /m /fi "pid eq <process id from above>"
Four dynamic link libraries associated with common basic level backdoors with command line access and network access "ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll"

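Added example, not part of the comment above or the video: a Python sketch for triaging saved `netstat -naob` output, which pairs each socket row with the `[executable]` line that `-b` prints beneath it and builds the step 2 and step 3 commands for each PID. The sample output is constructed, and limiting the follow-up to TCP sockets in LISTENING or ESTABLISHED state is an assumption, as are the function names.

```python
import re

# Constructed sample of `netstat -naob` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    10.0.0.5:49712         203.0.113.7:4444       ESTABLISHED     5120
 [rundll32.exe]
  UDP    0.0.0.0:5353           *:*                                    2300
 [chrome.exe]
"""

# Socket row: proto, local, remote, optional state (UDP rows have none), PID.
SOCKET = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # the "[image.exe]" line that -b adds

def parse_netstat_b(text):
    """Return one dict per socket, with the owning executable attached if shown."""
    sockets = []
    for line in text.splitlines():
        m = SOCKET.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            sockets.append({"proto": proto, "local": local, "remote": remote,
                            "state": state or "", "pid": int(pid), "exe": None})
        elif sockets and (owner := OWNER.match(line)):
            sockets[-1]["exe"] = owner.group(1)
    return sockets

def follow_up(sockets, states=("LISTENING", "ESTABLISHED")):
    """Map each PID with a TCP socket in `states` to the step 2 and 3 commands."""
    plan = {}
    for s in sockets:
        if s["proto"] == "TCP" and s["state"] in states:
            pid = s["pid"]
            plan.setdefault(pid, [
                f"wmic process where processid={pid} get commandline",
                f'tasklist /m /fi "pid eq {pid}"',
            ])
    return plan

if __name__ == "__main__":
    for pid, commands in follow_up(parse_netstat_b(SAMPLE)).items():
        print(pid, *commands, sep="\n  ")
```
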
@abefroeman100 - 04.08.2023 21:42

Nailed it
