
In this tutorial from our Security Incident Response course you will see how to use the LogonSessions tool from Windows Sysinternals in incident response. LogonSessions lists the logon sessions currently active on a host (and, with the -p switch, the processes running in each), which makes it a quick way to establish who is logged on, through which logon type, and what they are running. Want to add something to your toolbox? Let's dive in!
Participants will be able to define what a security incident is and how to handle it correctly. They will also be able to lay out the steps that take an incident from detection through investigation to the desired outcome.
You will find out how to:
- Detect, identify, and mitigate threats
- Assess potential security risks
- Account for human error
- Create an Incident Response Plan
- Identify High Value Targets
- Set up Incident Response tooling
- Create IoCs and deploy them in your detection tooling
- Recover systems, data and connectivity
- Return to production state
- Document the incident
Example tools used in the course:
- Windows built-in tools
- Windows Sysinternals suite (pslist; psexec, including how its output relates to the other tools; autoruns, how to use it and why it is useful in incident response; listdlls; procexp/procexp64; tcpview; LogonSessions)
- Volatility
- dd/windd
- Log Parser
- grep and Windows Event Log Explorer
In module 1, we will study:
- Assessing potential security risks
- Accounting for human error
- Creating an Incident Response Plan
- Identifying High Value Targets
- Identifying Stakeholders
- Setting up Incident Response tooling
- System instrumentation
- Employee security training
Module 1 exercises:
Getting familiar with the Windows Sysinternals suite (pslist; psexec, including how its output relates to the other tools; autoruns, how to use it and why it is useful in incident response; listdlls; procexp/procexp64; tcpview; LogonSessions) and with Windows Event Log analysis.
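As an added example that is not part of the course material or of the Sysinternals tools themselves, the script below shows the kind of triage the LogonSessions exercise leads to: it parses the block-per-session text that logonsessions64.exe prints by default and flags sessions an incident responder should look at first (RDP, runas /netonly-style and cleartext logons, and NTLM authentication for a domain account on a domain-joined host, a common pass-the-hash tell). The sample output, host name WS01, domain CORP and user names are all constructed for the example, not captured from a real system; the field labels are modelled on the tool's output, and the parser keys on whatever labels it finds rather than a fixed layout.

```python
import re
from collections import Counter

# Constructed sample modelled on the default output of logonsessions64.exe.
# Nothing here was captured from a real host; names and SIDs are invented.
SAMPLE = """\
[1] Logon session 00000000:0003a2f1:
    User name:    CORP\\jdoe
    Auth package: Kerberos
    Logon type:   Interactive
    Session:      1
    Sid:          S-1-5-21-1004336348-1177238915-682003330-1105
    Logon time:   3/28/2022 8:01:02 AM
    Logon server: DC01
    DNS Domain:   corp.example
    UPN:          jdoe@corp.example

[2] Logon session 00000000:0008c44d:
    User name:    CORP\\svc-backup
    Auth package: NTLM
    Logon type:   RemoteInteractive
    Session:      2
    Sid:          S-1-5-21-1004336348-1177238915-682003330-1203
    Logon time:   3/28/2022 2:14:37 PM
    Logon server: WS01
    DNS Domain:   corp.example
    UPN:          svc-backup@corp.example

[3] Logon session 00000000:0009e102:
    User name:    CORP\\jdoe
    Auth package: Negotiate
    Logon type:   NewCredentials
    Session:      1
    Sid:          S-1-5-21-1004336348-1177238915-682003330-1105
    Logon time:   3/28/2022 2:15:09 PM
    Logon server: WS01
    DNS Domain:   corp.example
    UPN:          jdoe@corp.example
"""

HEADER = re.compile(r"^\[(\d+)\] Logon session ([0-9a-f]{8}:[0-9a-f]{8}):$", re.I)
FIELD = re.compile(r"^\s+([A-Za-z ]+?):\s*(.*)$")   # "Label:   value" lines under a header

# Logon types worth a second look during triage (Windows logon type number in brackets).
REVIEW_TYPES = {
    "RemoteInteractive": "RDP logon [10]: confirm the source host and that this user is expected to RDP in",
    "NewCredentials": "runas /netonly-style logon [9]: alternate credentials in use, also produced by pass-the-hash tooling",
    "NetworkCleartext": "cleartext network logon [8]: credentials were sent in the clear (e.g. IIS basic auth)",
    "CachedInteractive": "cached-credential logon [11]: host could not reach a DC at logon time",
}
SYSTEM_DOMAINS = {"NT AUTHORITY", "NT SERVICE", "WINDOW MANAGER", "FONT DRIVER HOST"}


def parse_logonsessions(text):
    """Turn the block-per-session text into a list of dicts keyed by lower-cased field name."""
    sessions, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"logon_id": m.group(2)}
            sessions.append(current)
            continue
        m = FIELD.match(line) if current else None
        if m:
            current[m.group(1).strip().lower().replace(" ", "_")] = m.group(2).strip()
    return sessions


def ntlm_on_domain_account(s, local_host):
    """NTLM for a domain user on a domain-joined host, where Kerberos is expected, is a classic pass-the-hash tell."""
    user = s.get("user_name", "")
    if "\\" not in user or user.endswith("$"):   # skip accounts with no domain part and machine accounts
        return False
    domain = user.split("\\", 1)[0].upper()
    if domain in SYSTEM_DOMAINS or domain == local_host.upper():   # built-in and local accounts use NTLM legitimately
        return False
    return s.get("auth_package", "").upper() == "NTLM"


def triage(sessions, local_host):
    """Return the sessions that deserve review, each with the reasons, in the tool's output order."""
    findings = []
    for s in sessions:
        reasons = []
        if s.get("logon_type") in REVIEW_TYPES:
            reasons.append(REVIEW_TYPES[s["logon_type"]])
        if ntlm_on_domain_account(s, local_host):
            reasons.append("NTLM auth package for a domain account where Kerberos is expected")
        if reasons:
            findings.append({"logon_id": s["logon_id"], "user": s.get("user_name"),
                             "logon_type": s.get("logon_type"), "reasons": reasons})
    return findings


def sessions_per_user(sessions):
    """How many logon sessions each account holds; several for one user is normal, many is worth a look."""
    return Counter(s.get("user_name") for s in sessions)
```

On a live host you would feed the script the saved output of logonsessions64.exe (run from an elevated prompt, and with -p if you also want the process list per session) instead of SAMPLE, and call triage(parse_logonsessions(text), local_host="<hostname>"). On the sample, session 00000000:0008c44d is reported for both its RDP logon type and its NTLM authentication, and 00000000:0009e102 for its NewCredentials logon; jdoe's ordinary interactive Kerberos session is left alone. The rules are triage heuristics, not verdicts: each hit still needs the matching 4624 events and the process list before any conclusion is drawn.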
Check out other modules here!