Viewing a single comment thread. View all comments

Offsec_Community OP t1_iux00n4 wrote

That is a tough question haha because that can be a lot of different things depending on what technique they are using. For a general answer I would say looking for "weirdness" on the network. I always say most of a SOC analysts job is verifying "good" things. Lots of things will look weird on the network and you dig in and find its something normal. So I would be looking for things a normal user would not be doing. Things like running command that are not necessarily bad but could be used in a bad way that a normal user would not be doing. Trying to access things on the system a normal user does not need to access. Those type of things.

8