monitoring-processes-download-behavior-with-python-slides

The document discusses monitoring LOLbin processes using Python, focusing on abnormal process behavior and traffic tracking. It introduces concepts and techniques applicable to all processes, emphasizing the use of specific process trees and new modules like Collections and Threading. A demonstration is included to illustrate the monitoring of LOLbin process trees and their traffic.

Uploaded by

Alejandro Saldias

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

2 views9 pages

monitoring-processes-download-behavior-with-python-slides

Uploaded by

Alejandro Saldias

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 9

Monitoring Processes Download

Behavior with Python

Sean Wilkins
Network Engineer & Author

swilkins@infodispersion.com www.infodispersion.com
Module Introduction

Watching for abnormal

Monitoring LOLbin process
process spawning and
behavior
transfers
Overview
- Watching LOLbin processes
- Concepts Demonstration - Monitoring
LOLbins
LOLbin Processes

Module focuses on LOLbin Same techniques can be used for

processes all processes
LOLbin Processes

Utilize the dictionary variable

shown in previous module
Focus will be on specific process trees
LOLbin Processes

Targeted process will have their traffic tracked

Monitoring is limited by Scapy
LOLbin Processes

New modules used include:

Collections Threading

Used to build LOLbin monitor

Demo
How to monitoring LOLbin process trees
Building a process traffic monitoring
Summary
- Watching LOLbin processes
- Concepts Demonstration - Monitoring
LOLbins

DevOps For Beginners: DevOps Software Development Method Guide For Software Developers and IT Professionals
From Everand
DevOps For Beginners: DevOps Software Development Method Guide For Software Developers and IT Professionals
Joseph Joyner
No ratings yet
WS-BPEL 2.0 Beginner's Guide
From Everand
WS-BPEL 2.0 Beginner's Guide
Matjaz B. Juric
No ratings yet
OffSec Live-PEN200
No ratings yet
OffSec Live-PEN200
28 pages
Practice Lab 10 Observing IoCs During A Security (6C)
No ratings yet
Practice Lab 10 Observing IoCs During A Security (6C)
10 pages
LLVM Essentials: Become familiar with the LLVM infrastructure and start using LLVM libraries to design a compiler
From Everand
LLVM Essentials: Become familiar with the LLVM infrastructure and start using LLVM libraries to design a compiler
Suyog Sarda
1/5 (1)
monitoring-abnormal-process-behavior-with-python-slides
No ratings yet
monitoring-abnormal-process-behavior-with-python-slides
8 pages
Lab 09
No ratings yet
Lab 09
9 pages
phpBB: A User Guide
From Everand
phpBB: A User Guide
Jeremy Rogers
No ratings yet
Module IV Python
No ratings yet
Module IV Python
13 pages
Watch 4 Folder v2.3 User Guide
No ratings yet
Watch 4 Folder v2.3 User Guide
9 pages
Zabbix Log File Monitoring - Zabbix Blog
No ratings yet
Zabbix Log File Monitoring - Zabbix Blog
15 pages
Pythonlearn 07 Files
No ratings yet
Pythonlearn 07 Files
23 pages
Lab 4 - HoHoangHIep - SE192008
No ratings yet
Lab 4 - HoHoangHIep - SE192008
17 pages
4.4.4 - 4932 Lab - Locating Log Files - ILM
No ratings yet
4.4.4 - 4932 Lab - Locating Log Files - ILM
19 pages
Module 3 File
No ratings yet
Module 3 File
23 pages
GOD17 Sigma
No ratings yet
GOD17 Sigma
79 pages
Py4Inf 07 Files
No ratings yet
Py4Inf 07 Files
23 pages
3.2.1.4 Lab - Locating Log Files
No ratings yet
3.2.1.4 Lab - Locating Log Files
21 pages
4.4.4 Lab - Locating Log Files (Done)
No ratings yet
4.4.4 Lab - Locating Log Files (Done)
16 pages
Unit 2 2
No ratings yet
Unit 2 2
25 pages
Ruby on Rails For Beginners: Rails Web Development Programming and Coding Tutorial
From Everand
Ruby on Rails For Beginners: Rails Web Development Programming and Coding Tutorial
Joseph Joyner
1/5 (1)
Red Hat System Administration I 7.8 Practice
No ratings yet
Red Hat System Administration I 7.8 Practice
9 pages
MasonCC F21 Intro To Log File Analysis
No ratings yet
MasonCC F21 Intro To Log File Analysis
20 pages
Us 19 Smith Fantastic Red Team Attacks and How To Find Them
No ratings yet
Us 19 Smith Fantastic Red Team Attacks and How To Find Them
87 pages
3.2.1.4 Lab - Locating Log Files
No ratings yet
3.2.1.4 Lab - Locating Log Files
16 pages
Python Automation for Beginners: A Practical Guide with Examples
From Everand
Python Automation for Beginners: A Practical Guide with Examples
William E. Clark
No ratings yet
Linux System Auditing with Auditd and Systemd Journal: A Practical Guide to Monitoring, Logging, and Securing Your Linux Systems
From Everand
Linux System Auditing with Auditd and Systemd Journal: A Practical Guide to Monitoring, Logging, and Securing Your Linux Systems
Dargslan
No ratings yet
8 4 4 Lab Locating Log Files Natskie
No ratings yet
8 4 4 Lab Locating Log Files Natskie
16 pages
Unit V
No ratings yet
Unit V
32 pages
Lab - Locating Log Files: Objectives
No ratings yet
Lab - Locating Log Files: Objectives
16 pages
5B - Filesmerged
No ratings yet
5B - Filesmerged
30 pages
Lolbin Attack & Defense PDF
No ratings yet
Lolbin Attack & Defense PDF
24 pages
The DevOps Mokitas: Avoid the Elephants in Your DevOps Adoption: A Handbook of Devops Mistakes to Avoid
From Everand
The DevOps Mokitas: Avoid the Elephants in Your DevOps Adoption: A Handbook of Devops Mistakes to Avoid
SARAVANAN LAKSHMANAN
No ratings yet
07 Files
No ratings yet
07 Files
23 pages
Lxmls - Lab Guide: July 19, 2015
No ratings yet
Lxmls - Lab Guide: July 19, 2015
115 pages
AleagaJosselyn-SextoA-Semana1-Lab4 4 4)
No ratings yet
AleagaJosselyn-SextoA-Semana1-Lab4 4 4)
22 pages
Alfresco One 5.x Developer’s Guide - Second Edition
From Everand
Alfresco One 5.x Developer’s Guide - Second Edition
Benjamin Chevallereau
3/5 (1)
Python图像处理实战: Chinese Edition
From Everand
Python图像处理实战: Chinese Edition
Posts & Telecom Press
No ratings yet
3.2.1.4 Lab Locating Log Files
No ratings yet
3.2.1.4 Lab Locating Log Files
16 pages
FALLSEM2017-18 - CSE1001 - LO - SJT418 - VL2017181004711 - Reference Material I - Session 28 and 29
No ratings yet
FALLSEM2017-18 - CSE1001 - LO - SJT418 - VL2017181004711 - Reference Material I - Session 28 and 29
21 pages
Python Network Monitoring A Step by Step Guide
No ratings yet
Python Network Monitoring A Step by Step Guide
11 pages
Kali lab
No ratings yet
Kali lab
28 pages
Learning PHP 7 High Performance
From Everand
Learning PHP 7 High Performance
Altaf Hussain
No ratings yet
Plone 3 Intranets
From Everand
Plone 3 Intranets
Victor Fernandez de Alba
No ratings yet
4.4.4 Lab Locating Log Files
No ratings yet
4.4.4 Lab Locating Log Files
17 pages
444 Lab Locating Log Files
No ratings yet
444 Lab Locating Log Files
22 pages
DevOps Revolution: Transforming Software Delivery for High-Performance Teams
From Everand
DevOps Revolution: Transforming Software Delivery for High-Performance Teams
Ryan Campbell
No ratings yet
The Anatomy of DevOps
From Everand
The Anatomy of DevOps
Tom Henricksen
No ratings yet
IT Inventory and Resource Management with OCS Inventory NG 1.02
From Everand
IT Inventory and Resource Management with OCS Inventory NG 1.02
Barzan 'Tony' Antal
No ratings yet
13 BSC CS - Python - Chapter 5
No ratings yet
13 BSC CS - Python - Chapter 5
11 pages
Module 3 - File Handling in Python - Ipynb - Colab
No ratings yet
Module 3 - File Handling in Python - Ipynb - Colab
11 pages
Incident
No ratings yet
Incident
13 pages
Agile & Scrum Methodologies
From Everand
Agile & Scrum Methodologies
Ajit Singh
No ratings yet
Oracle Modernization Solutions
From Everand
Oracle Modernization Solutions
Tom Laszewski
No ratings yet
Labs For Foundations of Applied Mathematics (Python Essentials)
No ratings yet
Labs For Foundations of Applied Mathematics (Python Essentials)
211 pages
Apache Installation & Basic Configuration: Thursday, November 8, 12
No ratings yet
Apache Installation & Basic Configuration: Thursday, November 8, 12
24 pages
SELinux Cookbook
From Everand
SELinux Cookbook
Sven Vermeulen
No ratings yet
File Handling in Python
No ratings yet
File Handling in Python
6 pages
Data Science Essentials
No ratings yet
Data Science Essentials
279 pages
PSP Lecture File Handling - Exception - Command Line
No ratings yet
PSP Lecture File Handling - Exception - Command Line
100 pages
building-log-analysis-workflows-slides
No ratings yet
building-log-analysis-workflows-slides
28 pages
tracking-ip-addresses-using-ip-api-and-python-slides
No ratings yet
tracking-ip-addresses-using-ip-api-and-python-slides
9 pages
4-10256IDTech - PCI-PTS POI Security Policy - VP5300M 20200327-1587151725.08715
No ratings yet
4-10256IDTech - PCI-PTS POI Security Policy - VP5300M 20200327-1587151725.08715
30 pages
acquiring-server-information-with-python-slides
No ratings yet
acquiring-server-information-with-python-slides
25 pages
common-python-libraries-for-security-slides
No ratings yet
common-python-libraries-for-security-slides
40 pages
Anti-Skimming Protection For Your ATM: Flexible Protection For Dip and Motorized Card Readers
No ratings yet
Anti-Skimming Protection For Your ATM: Flexible Protection For Dip and Motorized Card Readers
2 pages

monitoring-processes-download-behavior-with-python-slides

Uploaded by

monitoring-processes-download-behavior-with-python-slides

Uploaded by

Monitoring Processes Download

Behavior with Python

Watching for abnormal

Module focuses on LOLbin Same techniques can be used for

Utilize the dictionary variable

Targeted process will have their traffic tracked

New modules used include:

Used to build LOLbin monitor

You might also like