(3) Operating System Behavior that is not good Flashcards
What can abnormal behavior in an OS process potentially indicate?
Abnormal behavior in an OS process can potentially indicate that a rootkit or other malware has taken advantage of an OS system component.
What Windows system tools are useful if a rootkit is involved?
These Windows system tools are useful if a rootkit is involved:
-cmd.exe
-at.exe
-schtasks.exe
-wmic.exe
-powershell.exe
-net.exe
-reg.exe
-sc.exe
When it comes to abnormal OS process behavior, what capabilities can be used by tools such as Metasploit?
Tools such as Metasploit can use built-in abilities to inject attack tools into known-good processes.
One would need tools that can look at the changed behaviors and compare them to known-good process activity.