Intrusion Analysis

Network Intrusion Analysis 

If you have recently been a victim of a cyber attack, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the incident has been successful in compromising the confidentiality, integrity or availability of your information system.

A Network intrusion analysis will determine the sequence of attack from the point of the attacker performing a scan against your network, to exploitation of a vulnerability (or group of vulnerabilities), to the activities performed post-exploitation such as data exfiltration or communications to remote command-and-control (C2) servers. ProCheckUp perform the analysis by reviewing network logs captured by network boundary sensors, IDS, firewalls and server logs.

A Network Intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible network compromise within a defined date range.

ProCheckUp’s network intrusion analysts will attempt to correlate all activities observed on the network to gather useful information pertaining to a network attack, including:

  • - Source of attack
  • - Duration of attack
  • - Techniques used to hide the attacker's identity
  • - Identification of any specific tools used by the attacker
  • - Vulnerabilities exploited by the attacker
  • - Extraction of any data from the server
  • - Possibility of any malware/rootkit/backdoor installed
  • - Possibility of the attacker pivoting deeper into the network
  • - Determine if the log files have been tampered with or cleared to hide traces of the attack
  • - Creation of any user accounts
  • - Modification to any data on the server

The findings of a network intrusion analysis will be useful in determining the motive of the attacker and to understand any possible damage from an attack. 

 

Host Intrusion Analysis

If you have recently been a victim of a cyber attack which targeted a specific host critical to your environment, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the attack has been successful in compromising the confidentiality, integrity or availability of your information system.

A Host intrusion analysis will determine the sequence of attack from the point of the attacker performing a scan against the target host, to exploitation of a vulnerability (or group of vulnerabilities), through to the activities performed post-exploitation such as backdoor installation or lateral movements to other hosts. ProCheckUp perform the analysis by reviewing log files on the affected host, memory dumps (if applicable), analysing running processes, identifying recently modified files for possible malware/rootkit installation, registry changes and network traffic leaving the host.

A Host Intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible host compromise – particularly for critical hosts – within a defined date range.

ProCheckUp’s host intrusion analysts will attempt to correlate all activities observed on the host to gather useful information pertaining to an attack, including:

  •  - Source of attack
  • - Duration of attack
  • - Techniques used to hide the attacker's identity
  • - Identification of any specific tools used by the attacker
  • - Vulnerabilities exploited by the attacker
  • - Extraction of any data from the server
  • - Possibility of any malware/rootkit/backdoor installed
  • - Possibility of the attacker pivoting deeper into the network
  • - Determine if the log files have been tampered with or cleared to hide traces of the attack
  • - Creation of any user accounts
  • - Modification to any data on the server

The findings of a host intrusion analysis will be useful in determining the motive of the attacker and to understand any possible damage from an attack.

 

 

Need Help?

If you have any questions about cyber security or would like a free consultation, don't hesitate to give us a call!

+44 (0) 20 7612 7777

Our Services

Keep up to date!


ACCREDITATIONS