Windows Network Analysis

Premium room

Discover networking artefacts using internal tooling on Windows.

easy

45 min

Network analysis is the process of capturing and examining both historical and active network activity on a host, which can provide a wealth of information, such as:

  • IP Addresses (such as source and destination)
  • Ports
  • URLs
  • Correlations between processes and network traffic

This room will introduce you to the network artefacts present on a Windows host and how these can be analysed using tooling already provided on Windows. Often in the initial stages of an incident, you may not be able to install all of your fancy tooling. It's essential to know how to work with the Operating System to capture the evidence you need, as well as build a picture of the host's activity.

Finally, you will practise what you have learnt in this room by analysing a Windows machine that has been infected with an agent that keeps real-time communication with the host.

Pre-requisites

This room recommends that you have either completed or are familiar with the following content:

Learning Objectives

  • How to benefit from network artefacts present on Windows using internal tooling
  • Auditing network logs on a Windows host
  • Determining a process' network activity
  • Triaging a host for some "quick wins"