Investigating Windows 2.0 - TryHackMe Walkthrough
Introduction:-
In the previous challenge (Investigating Windows) you performed a brief analysis. Within this challenge, you will take a deeper dive into the attack.

Topics Covered:-
Investigating a pre-compromised Windows machine using process telemetry and persistence locations.
Source code script analysis for finding flags and core points.
Detailed analysis of the infected system using Loki and its logs.
Formulation of YARA rules for IDS, IPS and EDR (YARA rules are applied only to objects submitted to the internal Virtual Analyzer).
Static analysis of an executable using PEStudio to find strings for file identification.

Chapters:-
0:00 - Intro to Investigating Windows 2.0
1:26 - Autoruns for Malware Forensics
8:58 - Process Hacker for Command-Line Forensics
12:30 - Procmon for Process Analysis
16:58 - Loki, for System Investigation
28:07 - YARA Rules, for Signature-Based Detection
29:27 - PEStudio, for Binary Inspection

Tools Used:-
#ProcessExplorer #procexp #autoruns #ProcessHacker #loki #yara #mimikatz #ProcessMonitor #procmon #TaskScheduler

Room Link: https://tryhackme.com/room/investigatingwindows2