Windows Fundamentals-LetsDefend

Guerline Aurelus
2 min read · Oct 6, 2022


Photo credited to CSO Online

Excited to have completed the Windows Fundamentals training with LetsDefend.

👉 One of the most important configurations is the permissions configuration. System administrators must be very cautious about how they configure permissions to avoid unauthorized system access or insider threats. Unlike Linux, Windows has 6 permission types for managing file permissions: “Full Control, Modify, Read & Execute, Read, Write”. When SOC Analysts are implementing system hardening, they need to make the User Account Control (UAC) feature a deliberate part of their plan.

👉 By monitoring the processes of all services, SOC Analysts are able to detect suspicious activities.

👉 Another important utility is the Task Scheduler, previously called Scheduled Tasks. It is used by attackers “to ensure persistence by making the system send connection requests to his/her own system in order not to lose access to the system”. So, SOC Analysts must monitor the Scheduled Tasks to detect malicious or suspicious scheduled tasks.

👉 Attackers use the Windows Registry to gain access to information that allows them to continue their attacks. Suspicious changes in the Windows Registry may indicate unauthorized access or malicious activity.

👉 SOC Analysts need to know the Windows Firewall rules that pertain to their organization so they can monitor any new firewall rules that may be suspicious. For example, to list all the firewall rules we use “netsh advfirewall firewall show rule name=all”.
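As an added example (not from the post or the LetsDefend course), the following PowerShell script snapshots the enabled firewall rules and the scheduled tasks discussed above, stores them as a baseline, and on later runs reports anything that was added, removed or changed. The baseline file path is an assumed location, and the NetSecurity and ScheduledTasks cmdlets are assumed available (Windows 8 / Server 2012 and later).

```powershell
# Added example: baseline firewall rules and scheduled tasks, then report drift.
# Assumptions: Windows 8/Server 2012+ (NetSecurity, ScheduledTasks modules);
# $BaselinePath is an arbitrary chosen location, not a Windows default.
param(
    [string]$BaselinePath = "$env:ProgramData\soc-baseline.xml",
    [switch]$UpdateBaseline
)

function Get-HostSnapshot {
    # Firewall: one record per enabled rule, including what the rule actually allows
    # (direction, action, protocol, ports, program), since a name alone can be reused.
    $fw = Get-NetFirewallRule | Where-Object { $_.Enabled -eq 'True' } | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Kind   = 'FirewallRule'
            Key    = $_.Name
            Detail = '{0} {1} {2} local={3} remote={4} program={5}' -f $_.Direction,
                     $_.Action, $port.Protocol, $port.LocalPort, $port.RemotePort, $app.Program
        }
    }
    # Scheduled tasks: the action (executable + arguments) and the running principal
    # are what a persistence change usually alters, so they go into the record.
    $tasks = Get-ScheduledTask | ForEach-Object {
        $actions = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{
            Kind   = 'ScheduledTask'
            Key    = "$($_.TaskPath)$($_.TaskName)"
            Detail = "state=$($_.State) user=$($_.Principal.UserId) run=$actions"
        }
    }
    return @($fw) + @($tasks)
}

$current = Get-HostSnapshot

# First run (or -UpdateBaseline after an approved change): record the known-good state.
if ($UpdateBaseline -or -not (Test-Path $BaselinePath)) {
    $current | Export-Clixml -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath ($($current.Count) items)"
    return
}

$baseline = Import-Clixml -Path $BaselinePath

# Compare on Kind+Key+Detail: a modified rule or task shows up as one '<=' (old)
# and one '=>' (new) line; a brand-new entry shows only '=>', a deleted one only '<='.
Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property Kind, Key, Detail |
    Select-Object @{n='Change'; e={ if ($_.SideIndicator -eq '=>') { 'added/new' } else { 'removed/old' } }},
                  Kind, Key, Detail |
    Format-Table -AutoSize
```

Run it once to create the baseline, then schedule it or run it during triage; any “added/new” line is a rule or task that did not exist when the baseline was approved and deserves a look.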

👉 SOC Analysts have to analyze and consistently monitor the system’s Event Logs to ensure there are no threats in the system. To learn the different types of Event IDs and make the process easier, refer to the Windows Security Event Logs cheat sheet: https://lnkd.in/egZqrEux

👉 Finally, SOC Analysts must familiarize themselves with Windows Management Instrumentation (WMI) because this is a feature that attackers frequently use to perform lateral movement and reconnaissance in the system.

Once again, it was a lot of fun to work with Dijah.

If you are interested in taking training with @letsdefendio, visit https://letsdefend.io/

Thank you for reading!
