Скачать или смотреть Windows XP - Incident Response Part 1

Windows XP - Incident Response Part 1

incident responsewindows xp malwaresoc analystsecurity analystmalware analysis

Скачать Windows XP - Incident Response Part 1 бесплатно в качестве 4к (2к / 1080p)

У нас вы можете скачать бесплатно Windows XP - Incident Response Part 1 или посмотреть видео с ютуба в максимальном доступном качестве.

Для скачивания выберите вариант из формы ниже:

Информация по загрузке:

Cкачать музыку Windows XP - Incident Response Part 1 бесплатно в формате MP3:

Если иконки загрузки не отобразились, ПОЖАЛУЙСТА, НАЖМИТЕ ЗДЕСЬ или обновите страницу
Если у вас возникли трудности с загрузкой, пожалуйста, свяжитесь с нами по контактам, указанным в нижней части страницы.
Спасибо за использование сервиса video2dn.com

Описание к видео Windows XP - Incident Response Part 1

This series of incident response takes a look at how to perform incident response against a windows XP system. Windows XP was selected as a starting point due to the fact that many organizations may still be using windows XP somewhere for service accounts or by throwing IIS on it and calling it a server (I've seen 3.1 systems in some environments up until about a year or two ago). This series will then pivot from the prospective of an attacker and finally, what an incident responder must collect in order to detect, contain and remediate.

CHANGE THE ≥ TO THE PROPER GREATER THAN SYMBOL WE CANT INCLUDE THIS DUE TO FILTRATION WITH HTML

Command Listing:

=================
Scheduled Tasks:
=================
schtasks /query
schtasks /query /fo LIST
schtasks /query /fo LIST ≥ month_day_year_schtask.log

===============
Services:
===============
sc query
sc query ≥ month_day_year_svcs.log

===================
Running Processes:
===================
wmic process list brief
wmic process list brief ≥ 00_00_00_proclist.log
tasklist
tasklist ≥ 00_00_00_running_proc.log

====================
Registry Run Points:
====================
HKLM\software\microsoft\windows\current version\run
HKLM\software\microsoft\windows\current version\run once
HKLM\software\microsoft\windows\current version\run services
HKLM\software\microsoft\windows\current version\run services ex
HKLM\software\microsoft\windows nt\current version\
HKLM\software\microsoft\windows\current version\run
HKCR\exefile\shall\open\command (Default) %"1" %* (if this is changed from default, there is a potential form of persistence loading each time you load an exe.)
======================
Folder Startup points:
======================
C:\windows\system32\config\systemprofile\start menu\programs\startup\
C:\documents and settings\%USERNAME%\start menu\programs\startup\

================================
9X - NT(*) INI File Start paths:
================================
Win.ini: C:\windows\win.ini
[win]
load=
run=

system.ini: C:\windows\system.ini
[boot]
shell=

=====================
NETWORK INFORMATION:
=====================
netstat
netstat -ano
netstat -ano | findstr "string"
netstat -ano ≥ listening_ports.log

=======================================
Windows XP Versions of WireShark Ports:
=======================================
tcp.port eq "portnumber"
udp.port eq "udpport"
tcp.ip == "ipaddress"

==============================================
Windows XP Versions of WireShark IP Addresses:
==============================================
ip.addr==192.168.1.1

==========================================
WINDOWS EVENT VIEWER AUDITING EVENT ID's:
==========================================
560 - Object Access. When a program opens an object (File).
562 - Registry Modification / Key Created.

Google Drive Link: https://drive.google.com/drive/home
Twitter / X: https://x.com/Attack_404

Комментарии

Информация по комментариям в разработке