Beginner Pro

Monitoring and Investigating Suspicious Process Execution

Detect and investigate suspicious processes running on an Ubuntu server using practical tools like Sysmon for Linux and Splunk. Simulate an attack by running a reverse shell.

Self-Paced by Rajneesh Gupta

Overview

Investigate suspicious process execution on an Ubuntu (Linux) host and build a complete detection → investigation → response workflow using native OS tools and a monitoring agent, Sysmon for Linux, with Splunk as the analysis backend.
You will generate realistic malicious behaviors, such as unauthorized script execution, abnormal parent-child process relationships, persistence techniques, and privilege escalation attempts, and monitor the resulting system event logs in real time.
The project shows how host-level process monitoring reveals attacker techniques, walks through guided investigation steps, and supports automated or semi-automated response actions.

Key Outcomes:

  • Generate realistic suspicious process activity including script misuse

  • Collect and monitor process creation and network connection logs using Sysmon for Linux

  • Identify anomalies and suspicious behaviors such as execution from unusual directories (for example /tmp or /dev/shm), unexpected binaries, privilege escalation chains, or unexpected network connections from shells.

  • Apply investigation techniques to trace the process lineage (parent-child chain) in Splunk.

What You'll Learn

  • Simulating Suspicious Process Execution

    Learn how to generate realistic malicious behaviors such as unauthorized scripts, privilege escalation attempts, and abnormal parent-child process chains.

  • Host-Level Process Monitoring with Sysmon

    Understand how to collect detailed process creation, network connection, and file modification events using Sysmon for Linux (or auditd where Sysmon is not available).

  • Real-Time Log Analysis for Process Anomalies

    See how execution from unusual directories, unexpected binaries, and abnormal parent-child process behavior can be detected through event logs.
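To make the detections listed under Key Outcomes and What You'll Learn concrete, here is an added example of rule-based triage over Sysmon-for-Linux events. This is not code from the course or from Sysmon or Splunk: the event records are constructed samples that reuse Sysmon's own field names (EventID 1 = ProcessCreate, EventID 3 = NetworkConnect), and the directory, shell and service-parent lists are assumptions you would tune per host. It flags a web server spawning a shell, that shell opening an outbound connection (the reverse-shell pattern), a binary run from /tmp, and a sudo launched from an already-flagged process, while leaving a user-initiated curl alone.

```python
"""Added example: rule-based triage of constructed Sysmon-for-Linux events.
Not course, Sysmon or Splunk code; sample data below is constructed."""

# Sysmon for Linux writes each event as XML into syslog. Once Splunk (or any
# parser) has extracted the fields, an event looks like the dicts below.
SAMPLE_EVENTS = [
    # Web server spawning an interactive shell: typical webshell / reverse-shell start
    {"EventID": 1, "ProcessId": 1201, "Image": "/usr/bin/bash", "CommandLine": "bash -i",
     "User": "www-data", "ParentImage": "/usr/sbin/apache2", "ParentProcessId": 900},
    # That same shell then opens an outbound connection to a non-standard port
    {"EventID": 3, "ProcessId": 1201, "Image": "/usr/bin/bash", "User": "www-data",
     "DestinationIp": "203.0.113.5", "DestinationPort": 4444},
    # Binary executed from a world-writable directory
    {"EventID": 1, "ProcessId": 1310, "Image": "/tmp/.x/update", "CommandLine": "/tmp/.x/update",
     "User": "ubuntu", "ParentImage": "/usr/bin/bash", "ParentProcessId": 1100},
    # Privilege escalation attempt launched from the already-flagged shell (PID 1201)
    {"EventID": 1, "ProcessId": 1400, "Image": "/usr/bin/sudo", "CommandLine": "sudo -i",
     "User": "www-data", "ParentImage": "/usr/bin/bash", "ParentProcessId": 1201},
    # Benign: user-initiated curl from an interactive shell, HTTPS to port 443
    {"EventID": 1, "ProcessId": 1500, "Image": "/usr/bin/curl", "CommandLine": "curl https://example.com",
     "User": "ubuntu", "ParentImage": "/usr/bin/bash", "ParentProcessId": 1100},
    {"EventID": 3, "ProcessId": 1500, "Image": "/usr/bin/curl", "User": "ubuntu",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]

# Assumed lists; tune them to the host being monitored.
UNUSUAL_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/sh", "/usr/bin/bash", "/usr/bin/dash"}
# Services that should never need an interactive shell as a child
SERVICE_PARENTS = {"/usr/sbin/apache2", "/usr/sbin/nginx", "/usr/sbin/mysqld"}
PRIVESC_BINARIES = {"/usr/bin/sudo", "/usr/bin/su", "/usr/bin/pkexec"}


def detect(events):
    """Return a list of findings; each is {"rule", "pid", "image", "detail"}."""
    findings = []
    flagged_pids = set()  # PIDs with at least one finding, used to follow chains

    def flag(rule, ev, detail):
        findings.append({"rule": rule, "pid": ev["ProcessId"], "image": ev["Image"], "detail": detail})
        flagged_pids.add(ev["ProcessId"])

    for ev in events:  # Sysmon emits events in time order, so parents precede children
        image = ev["Image"]
        if ev["EventID"] == 1:
            if image.startswith(UNUSUAL_DIRS):
                flag("exec_from_unusual_dir", ev, ev["CommandLine"])
            if image in SHELLS and ev["ParentImage"] in SERVICE_PARENTS:
                flag("service_spawned_shell", ev, f'{ev["ParentImage"]} -> {image} as {ev["User"]}')
            # sudo/su on their own are normal; only flag them as part of a suspicious chain
            if image in PRIVESC_BINARIES and ev["ParentProcessId"] in flagged_pids:
                flag("privesc_from_flagged_parent", ev, f'{ev["CommandLine"]} (parent pid {ev["ParentProcessId"]})')
        elif ev["EventID"] == 3:
            # A shell itself making a network connection is the reverse-shell signature
            if image in SHELLS:
                flag("shell_network_connect", ev, f'{ev["DestinationIp"]}:{ev["DestinationPort"]}')
    return findings


def summarize(findings):
    """Count findings per rule, the shape you would chart in a Splunk dashboard."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f'{f["rule"]:28} pid={f["pid"]:<5} {f["image"]}  {f["detail"]}')
```

Each rule is a condition on the fields Sysmon already provides (Image, ParentImage, ParentProcessId, DestinationPort), so the same conditions carry over directly into Splunk searches over the ingested Sysmon events; the chain rule is the one that needs process lineage, which is why the investigation step traces ParentProcessId back through earlier EventID 1 records.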

Prerequisites

  • Ubuntu (Linux) machine with Sysmon for Linux installed (or auditd/osquery as an alternative process-monitoring source)
  • Basic understanding of system processes, command execution, and scripts
  • Splunk instance available for ingesting and analyzing process execution logs

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.