Скачать или смотреть Investigating Windows 2.0 - TryHackMe Walkthrough

Introduction:-
In the previous challenge (Investigating Windows) you performed a brief analysis. Within this challenge, you will take a deeper dive into the attack.

Topics Covered:-
Investigating a pre-compromised windows machine using process telemetry and persistence locations.
Source Code script analysis for finding flags and core points
Detailed analysis of infected system using Loki and its logs.
Formulation of YARA rules of IDS, IPS and EDR.
YARA rules are applied only to objects submitted to the internal Virtual Analyzer and Static analysis of an executable using PESTUDIO to find strings for file identification.

Chapters:-

0:00 - Intro to InvestigatingWindows2.0
1:26 - Autoruns for Malware Forensics
8:58 - Process Hacker for CommandLine Forensics
12:30 - Procmon for Process Analysis
16:58 - Loki, for System Investigation
28:07 - Yara Rules, for Signature Based Detection
29:27 - PEStudio, for Binary Inspection

Tools Used:-
#ProcessExplorer
#procexp
#autoruns
#ProcessHacker
#loki
#yara
#mimikatz
#ProcessMonitor
#procmon
#TaskScheduler

Room Link: https://tryhackme.com/room/investigat...