
Windows Core Processes | Threat Hunting & Cybersecurity | Process Explorer

Premiered Nov 28, 2022
10:30

Hey everyone! Today's video is on common Windows processes. Have you ever opened up your task manager and wondered if a .exe or other process was actually malware running on your system? Well, the best place to start is by learning some of the basic Windows processes and what the normal baseline should look like. We'll be talking about Process Explorer (an advanced system utility) and some of the ways to spot how threat actors might hide their malware in plain sight! As a SOC analyst, you'll be alerted to events involving these processes, and you can use your skills to determine whether they're benign or an indicator of an attack.

Twitter - https://twitter.com/cybergraymattir

00:00 Intro
00:26 What is a Windows Process?
01:04 Common Indicators
02:45 System
03:18 smss.exe
03:55 wininit.exe
04:14 runtimebroker.exe
04:46 taskhostw.exe
05:17 winlogon.exe
06:05 csrss.exe
06:51 services.exe
07:17 svchost.exe
08:03 lsass.exe
08:37 lsaiso.exe
09:28 explorer.exe
10:06 Outro

Download Sysinternals Process Explorer - https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Links:
https://medium.com/@X3non_C0der/windows-threat-hunting-processes-of-interest-1b0bfcf0433f
https://www.socinvestigation.com/hunting-for-suspicious-windows-services-mind-map/
https://www.sans.org/posters/hunt-evil/
https://www.cybersecurity-insiders.com/threat-hunting-for-suspicious-file-types-on-the-host/

Video Assets: All video assets are licensed through a subscription to Envato Elements for this specific project. https://elements.envato.com/
