Skills Assessment
Last updated
This skills assessment section builds upon the progress made in the Intrusion Detection With Splunk (Real-world Scenario) section. Our objective is to identify any missing components of the attack chain and trace the malicious process responsible for initiating the infection.
1) Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through SPL searches against all data the process that created remote threads in rundll32.exe. Answer format: _.exe
Answer: randomfile.exe
2) Navigate to http://[Target IP]:8000, open the "Search & Reporting" application, and find through SPL searches against all data the process that started the infection. Answer format: _.exe
Answer: rundll32.exe
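The two searches below are added here as a worked example of how a defender would approach both questions in Splunk; they are not part of the original assessment and assume Sysmon data ingested through the Splunk Add-on for Sysmon (so the field names EventCode, SourceImage, TargetImage, Image, ParentImage and ProcessGuid are available) and that searching index=* covers all data on the target.

```spl
/* Question 1: which process created remote threads in rundll32.exe?
   Sysmon EventCode 8 is CreateRemoteThread; SourceImage is the injector,
   TargetImage is the process that received the thread. */
index=* EventCode=8 TargetImage="*\\rundll32.exe"
| stats count by SourceImage, TargetImage, Computer
| sort - count

/* Question 2: walk the process tree backwards from the injector.
   Sysmon EventCode 1 is ProcessCreate; ParentImage shows who spawned
   the image found above. Repeat with the parent's name until the
   chain reaches the process that started the infection. */
index=* EventCode=1 Image="*\\randomfile.exe"
| table _time, Computer, ParentImage, ParentCommandLine, Image, CommandLine, ProcessGuid

/* Optional: list every child that rundll32.exe spawned, to confirm it
   sits at the root of the chain rather than being spawned by something else. */
index=* EventCode=1 ParentImage="*\\rundll32.exe"
| stats values(Image) as children, min(_time) as first_seen by ParentProcessGuid, Computer
| convert ctime(first_seen)
```

The backslash in the wildcard path is escaped because SPL string literals treat a single backslash as an escape character; if your deployment stores paths with forward slashes or lowercases field values, adjust the match accordingly.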