Skills Assessment
Scenario
This skills assessment builds on the progress made in the Intrusion Detection With Splunk (Real-world Scenario) section. The objective is to identify any missing components of the attack chain and trace the malicious process responsible for initiating the infection.
Practical Exercises
1) Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and use SPL searches across all indexed data to find the process that created remote threads in rundll32.exe (Sysmon Event ID 8, CreateRemoteThread). Answer format: _.exe
Answer: randomfile.exe
2) Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and use SPL searches across all indexed data to trace the process creation chain (Sysmon Event ID 1) back to the process that started the infection. Answer format: _.exe
Answer: rundll32.exe
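The two SPL searches below are an added example of how a practitioner would answer both exercises; they are not the page's own solution and they assume Sysmon data is ingested with sourcetype `WinEventLog:Sysmon` and the default Sysmon field names (`SourceImage`, `TargetImage`, `ParentImage`, `ProcessId`, `ParentProcessId`). `index=*` covers all data, as the exercises require; narrow it to the scenario's index if the search is slow. The first search lists every process that created a remote thread in rundll32.exe (Event ID 8), keyed by the injecting image and its process ID. The second search takes that result, looks up the matching process creation events (Event ID 1) for both the injector and rundll32.exe, and orders them by time so the parent-to-child chain can be read top to bottom; the earliest entry whose parent is not part of the chain is the process that started the infection.

```spl
index=* sourcetype="WinEventLog:Sysmon" EventCode=8 TargetImage="*\\rundll32.exe"
| stats count min(_time) as first_seen values(TargetProcessId) as target_pids by Computer, SourceImage, SourceProcessId, TargetImage
| convert ctime(first_seen)
| sort first_seen

index=* sourcetype="WinEventLog:Sysmon" EventCode=8 TargetImage="*\\rundll32.exe"
| stats values(SourceImage) as injector values(SourceProcessId) as injector_pid values(TargetProcessId) as target_pid by Computer
| map maxsearches=10 search="search index=* sourcetype=\"WinEventLog:Sysmon\" EventCode=1 Computer=\"$Computer$\" (ProcessId=$injector_pid$ OR ProcessId=$target_pid$ OR Image=\"*\\\\rundll32.exe\")
  | table _time, Computer, ParentImage, ParentProcessId, ParentCommandLine, Image, ProcessId, CommandLine
  | sort _time"
```

If the second search returns a chain whose top-most parent is itself suspicious, repeat the Event ID 1 lookup with that parent's `ParentProcessId` until you reach a known-good ancestor such as explorer.exe or a service host; process IDs are reused after a reboot, so keep `Computer` and a tight time range in the search. If your environment uses the Splunk Add-on for Sysmon with the `XmlWinEventLog:Microsoft-Windows-Sysmon/Operational` sourcetype, substitute that sourcetype; the field names are the same.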