Mister_Nobody
Honored Sweeper II

I have created a report to check for processes with hackers' or admins' tools

Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetUnique,
  tblAssets.Domain,
  tblAssets.Username,
  tblADusers.Displayname,
  tblADusers.Department,
  tblADusers.Title,
  tblADusers.Company,
  tblProcesses.ExecutablePath,
  tblProcesses.Caption,
  tblProcesses.Lastchanged
From tblAssets
  Inner Join tblProcesses On tblAssets.AssetID = tblProcesses.AssetID And
      Lower(tblProcesses.Caption) In ('adexplorer.exe', 'psexec.exe',
      'tasklist.exe', 'hostname.exe', 'systeminfo.exe', 'ver.exe',
      'ipconfig.exe', 'netstat.exe', 'ping.exe', 'nslookup.exe', 'nltest.exe',
      'net.exe', 'net1.exe', 'reg.exe', 'schtasks.exe', 'at.exe', 'query.exe',
      'wscript.exe', 'cscript.exe', 'qwinsta.exe', 'quser.exe', 'netsh.exe',
      'wmic.exe', 'mshta.exe', 'curl.exe', 'certutil.exe', 'sc.exe',
      'powershell.exe', 'procdump.exe', 'ngrok.exe')
  Left Join tblADusers On tblADusers.Username = tblAssets.Username And
      tblADusers.Userdomain = tblAssets.Domain
Order By tblAssets.AssetID

It can help detect some types of attacks.
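
A lower-noise variant of the report above, added here as an example and not part of the original post: many of the listed names are everyday admin tools, so this query groups by asset and returns only assets where several different listed tools appear together. It uses only the tables and columns from the report above; the `DistinctTools` and `LastSeen` aliases and the threshold of 3 are assumptions to tune for your environment.

```sql
-- Added example: assets with several distinct listed tools in tblProcesses.
-- Threshold (3) is an assumed starting point, not a Lansweeper default.
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetUnique,
  tblAssets.Domain,
  tblAssets.Username,
  Count(Distinct Lower(tblProcesses.Caption)) As DistinctTools,
  Max(tblProcesses.Lastchanged) As LastSeen
From tblAssets
  Inner Join tblProcesses On tblAssets.AssetID = tblProcesses.AssetID
Where Lower(tblProcesses.Caption) In ('adexplorer.exe', 'psexec.exe',
      'tasklist.exe', 'hostname.exe', 'systeminfo.exe', 'ver.exe',
      'ipconfig.exe', 'netstat.exe', 'ping.exe', 'nslookup.exe', 'nltest.exe',
      'net.exe', 'net1.exe', 'reg.exe', 'schtasks.exe', 'at.exe', 'query.exe',
      'wscript.exe', 'cscript.exe', 'qwinsta.exe', 'quser.exe', 'netsh.exe',
      'wmic.exe', 'mshta.exe', 'curl.exe', 'certutil.exe', 'sc.exe',
      'powershell.exe', 'procdump.exe', 'ngrok.exe')
Group By tblAssets.AssetID,
  tblAssets.AssetUnique,
  tblAssets.Domain,
  tblAssets.Username
-- Keep only assets where at least 3 different listed tools were recorded
Having Count(Distinct Lower(tblProcesses.Caption)) >= 3
Order By DistinctTools Desc,
  LastSeen Desc
```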

2 REPLIES
brandon_jones
Champion Sweeper III

Under scanning, go to scanned items wait time and enable process scanning. Beware that this can cause your database to grow in size.

rader
Champion Sweeper III

Interesting. Any requirements to set up for the report?
