Closed de-azra closed 3 years ago
file:///C:/Users/adhd/IntroLabs/IntroClassFiles/index.html#!Tools/IntroClass/Memory/MemoryAnalysis.md
Sprcificly in the area of network
-> Specifically
applied to any comercial tools
-> commercial
navigate to the the memory
-> remove one the
Lets open a command
-> Let's
look at it with Volaitlity!
-> Volatility
Now, we will need to navigate to the cd \tools\volatility_2.6_win64_standalone directory
->"cd to the \tools" or "navigate to the c:\tools", you mixed both
established and have SYS_Sent and closed:
-> SYN_SENT
we are seeing the CLsoe and
-> CLOSED
The above screenshot is... Concerning.
-> concerning
look further into this becasue
-> because
it is compromised (becasue it
-> because
anytime a "suspect" computer has another open connection to an internal system is, without question, a cause for concern.
-> any time
Now, lets look
-> let's
Generaly, users and day to day usage of a system does not
-> Generally -> do
We may see it brefily as part
-> briefly
was invoked by the user on the system as Explorer.exe is the GUI
-> on the system, as
Lets now dive
-> Let's
Fixed!
Thanks!