Effective Threat Investigation for SOC Analysts by Mostafa Yahia
Author: Mostafa Yahia
Language: eng
Format: epub
Publisher: Packt
Published: 2023-11-15T00:00:00+00:00
Target machine event logs
Like all lateral movement techniques, the most valuable event log artifacts of PowerShell remoting are recorded on the target machine. The first recorded event is event ID 4624, which records successful authentication to the target system with logon type 3. The event provides valuable information, such as the login account and the source workstation name and IP. Then, event ID 4688 logs and records the execution of the wsmprovhost.exe process, which is the process of the Windows Remote PowerShell session when using the WinRM service.
The wsmprovhost.exe process executes on the target system to receive the entered commands from the source machine's PowerShell process, for execution on the target system. To effectively monitor and trace these actions, we leverage event ID 4688 to track any command executed or process spawned from the wsmprovhost.exe process on the target system (see Figure 7.21).
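The detection logic the passage describes, as an added example that is not code from the book: over a handful of constructed sample records shaped like Windows Security events 4624 and 4688 (field names follow the Windows event schema; the hosts, accounts, IPs and timestamps are made up), it flags every 4688 where wsmprovhost.exe starts or is the parent of a new process, and attaches the most recent type-3 logon (4624) for the same account on the same host so the alert carries the source workstation and IP. The correlation window and the alert layout are this example's own choices.

```python
"""Added example (not from the book): flag wsmprovhost.exe activity on a
target host (event 4688) and correlate it with the preceding network logon
(event 4624, logon type 3) to recover the source workstation and IP."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. Field names mirror the
# Windows Security event schema; timestamps are ISO 8601 strings.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "FS01", "Time": "2023-11-15T10:00:00",
     "TargetUserName": "jdoe", "LogonType": 3,
     "WorkstationName": "ADMIN-PC", "IpAddress": "10.0.0.15"},
    # WinRM service (svchost.exe) launches the remote session host
    {"EventID": 4688, "Computer": "FS01", "Time": "2023-11-15T10:00:02",
     "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\wsmprovhost.exe",
     "ParentProcessName": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "wsmprovhost.exe -Embedding"},
    # a command entered in the remote session runs as a child of wsmprovhost.exe
    {"EventID": 4688, "Computer": "FS01", "Time": "2023-11-15T10:00:05",
     "SubjectUserName": "jdoe",
     "NewProcessName": r"C:\Windows\System32\whoami.exe",
     "ParentProcessName": r"C:\Windows\System32\wsmprovhost.exe",
     "CommandLine": "whoami /all"},
    # benign interactive logon on another host; must not be flagged
    {"EventID": 4624, "Computer": "WS02", "Time": "2023-11-15T10:01:00",
     "TargetUserName": "asmith", "LogonType": 2,
     "WorkstationName": "WS02", "IpAddress": "-"},
    {"EventID": 4688, "Computer": "WS02", "Time": "2023-11-15T10:01:03",
     "SubjectUserName": "asmith",
     "NewProcessName": r"C:\Windows\System32\notepad.exe",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]


def _basename(path):
    """Last path component, lower-cased, so comparisons ignore the directory."""
    return path.rsplit("\\", 1)[-1].lower()


def _ts(event):
    return datetime.fromisoformat(event["Time"])


def find_remoting_activity(events, window=timedelta(minutes=10)):
    """Return one alert per wsmprovhost.exe-related 4688 event.

    kind == "session_start": wsmprovhost.exe itself was created (a remote
    PowerShell session opened on this host).
    kind == "child_process": a process was spawned by wsmprovhost.exe (a
    command executed inside the remote session).
    Each alert carries the latest type-3 logon for the same account on the
    same host within `window`, or None if no such logon was seen."""
    # index network logons by (host, account) for cheap lookup
    net_logons = defaultdict(list)
    for ev in events:
        if ev["EventID"] == 4624 and int(ev["LogonType"]) == 3:
            net_logons[(ev["Computer"], ev["TargetUserName"].lower())].append(ev)

    alerts = []
    for ev in events:
        if ev["EventID"] != 4688:
            continue
        if _basename(ev["NewProcessName"]) == "wsmprovhost.exe":
            kind = "session_start"
        elif _basename(ev["ParentProcessName"]) == "wsmprovhost.exe":
            kind = "child_process"
        else:
            continue
        key = (ev["Computer"], ev["SubjectUserName"].lower())
        t = _ts(ev)
        # only logons that happened before the process and within the window
        candidates = [lg for lg in net_logons[key]
                      if timedelta(0) <= t - _ts(lg) <= window]
        logon = max(candidates, key=_ts) if candidates else None
        alerts.append({
            "kind": kind,
            "host": ev["Computer"],
            "account": ev["SubjectUserName"],
            "process": _basename(ev["NewProcessName"]),
            "command_line": ev["CommandLine"],
            "source_workstation": logon["WorkstationName"] if logon else None,
            "source_ip": logon["IpAddress"] if logon else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_remoting_activity(SAMPLE_EVENTS):
        print(alert)
```

Two caveats when running this against real 4688 data: the CommandLine field is only populated when the "Include command line in process creation events" audit setting is enabled, and ParentProcessName is only present on Windows versions that emit the extended 4688 fields; the correlation still works on the process names alone, but the alert then lacks the executed command.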
