(3) Operating System Behavior that is not good

Question 1

What can not normal behavior on an OS process potentially indicate?

Answer 1

Not normal behavior on an OS process can potentially indicate that a rootkit or other malware that has taken advantage of an OS system component

Question 2

What Windows system tools are useful if a rootkit is involved?

Answer 2

These Windows system tools are useful if a rootkit is involved:

-cmd.exe

-at.exe

-schtasks.exe

-wmic.exe

-powershell.exe

-net.exe

-reg.exe

-sc.exe

Question 3

When it comes to not normal OS process things, capabilities can be used by tools such as Metasploit?

Answer 3

Tools such as Metasploit can use built in abilities to inject attack tools into processes that are known and good.

One would need tools that can look at the changed behaviors and compare them to known good process activity.