Windows Threat Hunting: Processes of Interest (Part 1)
A list of common Windows processes and how they can be used maliciously by hackers
Microsoft Windows is the most used operating system in the world. It is used widely by large organizations as well as by individuals for personal use, accounts for more than 60% of devices, and is also used extensively as a server OS. Owing to its extensive use, it is often the target of various exploits and threats. In this write-up, we’ll be going over a list of legitimate Windows processes and programs that can be used maliciously by hackers. Knowing how these can be abused is important for actively detecting malicious activity and defending against attacks that make use of these processes.
PowerShell is a built-in Windows tool built on the .NET Framework. It provides a command-line interface that is deeply integrated with various Windows services and can also be used to write scripts. PowerShell, being a legitimate Windows tool with scripting capabilities and used frequently
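Because PowerShell is a legitimate tool that administrators run all day, hunting for it means looking at context (which process launched it, and with which switches) rather than at the process name alone. The following is an added example, not code from the original post: it runs two simple hunting rules over constructed, Sysmon-style process-creation events. The event layout, the list of "unusual" parent processes and the set of quiet-launch switches are all assumptions chosen for illustration, and the base64 value in the sample is a constructed placeholder.

```python
"""Hunt constructed process-creation events for suspicious PowerShell launches."""
import re

# Constructed sample events in a Sysmon-like key=value|key=value layout (not real logs).
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|ParentImage=C:\\Windows\\explorer.exe|CommandLine=powershell.exe Get-Service",
    "EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
    "|ParentImage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE"
    "|CommandLine=powershell.exe -nop -w hidden -enc RwBlAHQALQBEAGEAdABlAA==",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe"
    "|ParentImage=C:\\Windows\\explorer.exe|CommandLine=notepad.exe notes.txt",
]

# Parent processes that rarely need to spawn a shell during normal use (assumption).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Switches commonly used to run a script quietly or without the usual profile (assumption).
QUIET_SWITCHES = re.compile(
    r"(?i)(?:^|\s)(-(?:enc\w*|w(?:indowstyle)?\s+hidden|nop\w*|ep\s+bypass))"
)


def parse_event(line):
    """Split one key=value|key=value line into a dict of its fields."""
    return dict(field.split("=", 1) for field in line.split("|"))


def basename(path):
    """Return the lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def hunt_powershell(lines):
    """Return (command line, reasons) for each PowerShell launch that trips a rule."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = basename(ev.get("Image", ""))
        if ev.get("EventID") != "1" or image not in ("powershell.exe", "pwsh.exe"):
            continue  # only process-creation events for PowerShell hosts
        reasons = []
        if basename(ev.get("ParentImage", "")) in UNUSUAL_PARENTS:
            reasons.append("spawned by " + basename(ev["ParentImage"]))
        switches = QUIET_SWITCHES.findall(ev.get("CommandLine", ""))
        if switches:
            reasons.append("quiet switches: " + ", ".join(s.lower() for s in switches))
        if reasons:  # a plain, interactively launched PowerShell produces no finding
            findings.append((ev["CommandLine"], reasons))
    return findings
```

Run against the sample, only the Word-spawned, hidden, encoded launch is reported; the admin running Get-Service from Explorer is left alone, which is the baseline a hunt must preserve.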