The Windows operating system contains a lot of system processes that are present every time we boot our machines. These processes are responsible for a lot of things, from initialization and creating the user interface to loading the necessary drivers and DLLs.
It becomes a must for threat hunters to know the normal behavior of these processes, such as the parent-child relationships between them and the number of instances that should be present on a machine or per user session.
Today we'll discuss these processes and provide an overview that'll (hopefully) help every threat hunter on their journey.
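As an added example (not code from the original post), the PowerShell below captures exactly the two properties mentioned above for a live machine: how many instances of each process name are running and which parent(s) spawned them. It assumes only the built-in Win32_Process class; the expected counts and parents are not hardcoded, since those come from the baseline you build for your own environment.

```powershell
# Added example: snapshot running processes and report, per process name,
# the instance count and the distinct parents observed.
# Assumes only the built-in Win32_Process CIM class (no third-party modules).
$procs = Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, ParentProcessId, Name

# Map PID -> name so a parent can be resolved by name.
# A parent that has already exited resolves to "<not running>", which is
# itself worth a second look during a hunt.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p.Name }

$rows = foreach ($p in $procs) {
    $parent = if ($byPid.ContainsKey([int]$p.ParentProcessId)) {
        $byPid[[int]$p.ParentProcessId]
    } else {
        '<not running>'
    }
    [pscustomobject]@{
        Name      = $p.Name
        ProcessId = $p.ProcessId
        Parent    = $parent
    }
}

# One line per process name: number of instances and the parents seen.
# Compare the output against your known-good baseline for the same host role.
$rows | Group-Object Name | ForEach-Object {
    [pscustomobject]@{
        Name      = $_.Name
        Instances = $_.Count
        Parents   = ($_.Group.Parent | Sort-Object -Unique) -join ', '
    }
} | Sort-Object Name | Format-Table -AutoSize
```

Run it on a freshly built reference machine first and keep that output as the baseline; later snapshots that show a new parent for a well-known process, or more instances than expected, are the rows to investigate.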