Intrusion Analysis

Network Intrusion Analysis

If you have recently been a victim of a cyber-attack, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the incident has been successful in compromising the confidentiality, integrity or availability of your information system.

A network intrusion analysis will determine the sequence of the attack, from the point of the attacker performing a scan against your network, to exploitation of a vulnerability (or group of vulnerabilities), to the activities performed post-exploitation such as data exfiltration or communications to remote command-and-control (C2) servers. ProCheckUp perform the analysis by reviewing network logs captured by network boundary sensors, IDS and firewalls, together with server logs.

A network intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible network compromise within a defined date range.

ProCheckUp’s network intrusion analysts will attempt to correlate all activities observed on the network to gather useful information pertaining to a network attack, including:

  • Source of attack
  • Duration of attack
  • Techniques used to hide the attacker's identity
  • Identification of any specific tools used by the attacker
  • Vulnerabilities exploited by the attacker
  • Extraction of any data from the server
  • Possibility of any malware/rootkit/backdoor installed
  • Possibility of the attacker pivoting deeper into the network
  • Whether the log files have been tampered with or cleared to hide traces of the attack
  • Creation of any user accounts
  • Modification to any data on the server

The findings of a network intrusion analysis will be useful in determining the motive of the attacker and in understanding any possible damage from an attack.

Host Intrusion Analysis

If you have recently been a victim of a cyber-attack which targeted a specific host critical to your environment, ProCheckUp will be able to provide assistance in identifying and analysing the attack to gauge the severity and determine whether the attack has been successful in compromising the confidentiality, integrity or availability of your information system.

A host intrusion analysis will determine the sequence of the attack, from the point of the attacker performing a scan against the target host, to exploitation of a vulnerability (or group of vulnerabilities), through to the activities performed post-exploitation such as backdoor installation or lateral movement to other hosts. ProCheckUp perform the analysis by reviewing log files on the affected host and memory dumps (if applicable), analysing running processes, identifying recently modified files for possible malware/rootkit installation, and examining registry changes and network traffic leaving the host.

A host intrusion analysis is usually undertaken immediately after an incident as part of an incident response plan. However, this exercise can also be conducted regularly to detect any possible host compromise – particularly for critical hosts – within a defined date range.

ProCheckUp’s host intrusion analysts will attempt to correlate all activities observed on the host to gather useful information pertaining to an attack, including:

  • Source of attack
  • Duration of attack
  • Techniques used to hide the attacker's identity
  • Identification of any specific tools used by the attacker
  • Vulnerabilities exploited by the attacker
  • Extraction of any data from the server
  • Possibility of any malware/rootkit/backdoor installed
  • Possibility of the attacker pivoting deeper into the network
  • Whether the log files have been tampered with or deleted to hide traces of the attack
  • Creation of any new user accounts
  • Modification of data on the server

The findings of a host intrusion analysis will be useful in determining the motive of the attacker and in better understanding the possible damage from an attack.

Conclusion

If your network or a specific system is compromised, ProCheckUp will thoroughly investigate the incident. We'll identify the extent of the breach, the methods used by the attackers, their goals, and the potential damage caused.

Our approach to both host and network intrusion analysis covers the entire attack lifecycle, from initial reconnaissance to vulnerability exploitation and post-breach activities. We meticulously analyse network and server logs, as well as memory dumps, to reconstruct the sequence of events and determine the full impact of the breach.
