Module 09 - Web Attacks on Windows-based Servers

Investigating Web Attacks on Windows-based Servers: True or False: Attackers can exploit vulnerabilities in the websites hosted on Windows-based servers and perform targeted attacks on the web server, such as directory traversal, command injection, and DoS attacks.

True

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Run Event Viewer to view the logs: C:\> eventvwr.msc

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check if the following suspicious events have occurred such as Event log service has ended

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check if the following suspicious events have occurred such as Windows File Protection is inactive on the system

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check if the following suspicious events have occurred such as MS Telnet Service is running

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Find out whether the system has failed login attempts or locked-out accounts

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Review file shares to ensure their purpose: C:\> net view <IP Address>

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Verify the users using open sessions: C:\> net session

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check if the sessions have been opened with other systems: C:\> net use

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Analyze at NetBIOS over TCP/IP activity: C:\> nbtstat -S

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Find if TCP and UDP ports have unusual listening: C:\> netstat –na

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Find scheduled and unscheduled tasks on the local host: C:\> schtasks.exe

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check for the creation of new accounts in the administrator group: Start -> Run -> lusrmgr.msc -> OK

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check whether any unexpected processes are running in Task Manager: Start -> Run -> taskmgr -> OK

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check for unusual network services: C:\> net start

Investigating Web Attacks on Windows-based Servers: Which of the following steps can an investigator perfrom to look for signs of web attacks on Windows-based servers?

Check file space usage to find any sudden decrease in free space C:\> dir