In this room, we will explore the core processes within a Windows system. This room aims to help you understand what normal behaviour within a Windows operating system looks like. This foundational knowledge will help you identify malicious processes running on an endpoint.
The Windows operating system is the most used in the world (whether people like it or not), and the majority of its users don't fully understand its inner workings. Users are simply content that it works, as with anything complex, such as a car: it starts, and you can drive from point A to point B. With computers, if they can surf the web, read and answer emails, shop, listen to music, and watch movies, all is well. It took a long time for users to fully grasp the need for antivirus programs. Only when one of their essential everyday computer functions is disrupted does antivirus matter. Antivirus was enough over 5-7 years ago (rough estimate).
Time changes everything. Malware and attacks have evolved, and antivirus is no longer enough. Antivirus has struggled to keep up, purely because of how it is designed to catch evil.
Today, antivirus is just one solution within a layered defensive approach. New security tools, such as EDR (Endpoint Detection and Response), have been created because antivirus cannot catch every malicious binary and process running on the endpoint.
But guess what? Even with these new tools, it is still not 100% effective. Attackers can still bypass the defences running on the endpoint. This is where we come in. Whether you're a Security Analyst, Analyst, Detection Engineer, or Threat Hunter, if one of the tools alerts us to a suspicious binary or process, we must investigate and decide on a course of action. Knowing the expected behaviour of the systems we have to defend, a Windows system in this case, we can infer whether the binary or process is benign or evil.
The machine attached to this task will start in a split-screen view. In case the machine is not visible, use the blue Show Split View button at the top-right of the page.
If you want to access the virtual machine via , use the credentials below.
Machine IP: MACHINE_IP
User: administrator
Password: letmein123!
Note: The virtual machine may take up to 3 minutes to load.
