THM Room: Windows core processes

Introduction

What?

Exploring the core processes within a Windows OS and understand what normal behaviour is.

Why?

This foundational knowledge will help identify malicious processes running on an endpoint.

How?

Windows core boot

• smss.exe

• csrss.exe

• wininit.exe

• services.exe

• svchost.exe

• lsass.exe

• winlogon.exe

• explorer.exe