Intrusion Analysis

Network Intrusion Analysis 

If you have recently been a victim of a cyber-attack, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the incident has been successful in compromising the confidentiality, integrity or availability of your information system.

A network intrusion analysis will determine the sequence of attack from the point of the attacker performing a scan against your network, to exploitation of a vulnerability (or group of vulnerabilities), to the activities performed post-exploitation such as data exfiltration or communications to remote command-and-control (C2) servers. ProCheckUp perform the analysis by reviewing network logs captured by network boundary sensors, IDS, firewalls and server logs.

A network intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible network compromise within a defined date range.

ProCheckUp’s network intrusion analysts will attempt to correlate all activities observed on the network to gather useful information pertaining to a network attack, including:

  • Source of attack
  • Duration of attack
  • Techniques used to hide the attacker's identity
  • Identification of any specific tools used by the attacker
  • Vulnerabilities exploited by the attacker
  • Extraction of any data from the server
  • Possibility of any malware/rootkit/backdoor installed
  • Possibility of the attacker pivoting deeper into the network
  • Whether the log files have been tampered with or cleared to hide traces of the attack
  • Creation of any user accounts
  • Modification to any data on the server

The findings of a network intrusion analysis will be useful in determining the motive of the attacker and in understanding any possible damage from an attack.

Host Intrusion Analysis

If you have recently been a victim of a cyber-attack which targeted a specific host critical to your environment, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the attack has been successful in compromising the confidentiality, integrity or availability of your information system.

A host intrusion analysis will determine the sequence of attack from the point of the attacker performing a scan against the target host, to exploitation of a vulnerability (or group of vulnerabilities), through to the activities performed post-exploitation such as backdoor installation or lateral movement to other hosts. ProCheckUp perform the analysis by reviewing log files on the affected host, memory dumps (if applicable), analysing running processes, identifying recently modified files for possible malware/rootkit installation, registry changes and network traffic leaving the host.

A host intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible host compromise – particularly for critical hosts – within a defined date range.

ProCheckUp’s host intrusion analysts will attempt to correlate all activities observed on the host to gather useful information pertaining to an attack, including:

  • Source of attack
  • Duration of attack
  • Techniques used to hide the attacker's identity
  • Identification of any specific tools used by the attacker
  • Vulnerabilities exploited by the attacker
  • Extraction of any data from the server
  • Possibility of any malware/rootkit/backdoor installed
  • Possibility of the attacker pivoting deeper into the network
  • Whether the log files have been tampered with or cleared to hide traces of the attack
  • Creation of any user accounts
  • Modification to any data on the server

The findings of a host intrusion analysis will be useful in determining the motive of the attacker and in understanding any possible damage from an attack.

ProCheckUp Engagement Lifecycle

ProCheckUp utilises a standard engagement model for all engagements, which is defined below:

Offering - Activities that take place before the execution of a consultancy assignment:

  • Pre-sales and identification of client needs;
  • Creation of an agreement, typically covering:
      - Context of the work
      - Services and deliverables
      - Approach and work plan
      - Roles and responsibilities.

Execution - Delivery of the services agreed at the offering stage to satisfy the client:

  • Refining the work plan;
  • Implementing the agreed work plan;
  • Assignment of staff, management and mentoring;
  • Approval and acceptance. 

Closure - Activities that take place at the end of a consultancy assignment:

  • Final client evaluation and agreement that the service has been delivered;
  • Conclusion of obligations;
  • Finalising payment;
  • Any subsequent improvements to the service.

 

Please contact us for more information on how ProCheckUp Intrusion Analysis services can help you.
