Endpoint Security Monitoring – Core Windows Processes on TryHackMe

This room taught me how to recognize and analyze the core Windows processes that run on a system. I explored the legitimate functions of processes like lsass.exe, svchost.exe, and explorer.exe, while also learning how attackers abuse them for malicious purposes. It was a balance between understanding normal behavior and spotting red flags.

I came away with a sharper eye for identifying suspicious activity in Windows environments. The exercises helped me practice distinguishing legitimate processes from look-alikes or injected code, which is a key skill for detecting endpoint compromise in real-world investigations.
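As an added example (not code from the TryHackMe room or from this write-up), here is a small baseline check for the three core processes named above, the kind of check that turns "spotting red flags" into something repeatable: expected image path, expected parent, and names that look like a core process but are not. The Proc fields, the BASELINE table and the sample records are assumptions constructed for this example.

```python
# Added example (not from the TryHackMe room or this write-up): a baseline check
# for lsass.exe, svchost.exe and explorer.exe; fields and table are assumptions.
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Proc:
    name: str
    path: str
    parent: Optional[str]  # parent image name; None if the parent already exited
    cmdline: str = ""
# Expected image path and parent image for each core process (lower-cased).
BASELINE = {
    "lsass.exe":    (r"c:\windows\system32\lsass.exe",   {"wininit.exe"}),
    "svchost.exe":  (r"c:\windows\system32\svchost.exe", {"services.exe"}),
    "explorer.exe": (r"c:\windows\explorer.exe",         {"userinit.exe", None}),
}

def _osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap as one edit (so 'scvhost' ~ 'svchost')."""
    d = [[max(i, j) if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            d[i][j] = min(d[i-1][j] + 1, d[i][j-1] + 1, d[i-1][j-1] + (a[i-1] != b[j-1]))
            if i > 1 and j > 1 and a[i-1] == b[j-2] and a[i-2] == b[j-1]:
                d[i][j] = min(d[i][j], d[i-2][j-2] + 1)
    return d[-1][-1]

def check(proc: Proc) -> List[str]:
    """Return red flags for one process record; an empty list means it matches the baseline."""
    name, flags = proc.name.lower(), []
    if name not in BASELINE:  # unknown name: is it a look-alike of a core process?
        return [f"'{proc.name}' resembles {core}" for core in BASELINE if _osa_distance(name, core) <= 1]
    path, parents = BASELINE[name]
    if proc.path.lower() != path:
        flags.append(f"{proc.name} running from {proc.path}")
    parent = proc.parent.lower() if proc.parent else None
    if parent not in parents:
        flags.append(f"{proc.name} spawned by {proc.parent}")
    if name == "svchost.exe" and "-k" not in proc.cmdline.split():
        flags.append("svchost.exe started without a -k service group")
    return flags

SAMPLE = [  # constructed records, not taken from a real host
    Proc("lsass.exe", r"C:\Windows\System32\lsass.exe", "wininit.exe"),
    Proc("svchost.exe", r"C:\Windows\System32\svchost.exe", "services.exe", "svchost.exe -k netsvcs -p"),
    Proc("lsass.exe", r"C:\Users\Public\lsass.exe", "cmd.exe"),
    Proc("scvhost.exe", r"C:\Windows\Temp\scvhost.exe", "explorer.exe"),
    Proc("explorer.exe", r"C:\Windows\explorer.exe", None),
]
```

Running `check` over `SAMPLE` leaves the three legitimate records clean and flags the lsass.exe copy in a user-writable path with a shell parent, plus the transposed-name look-alike; an injected but otherwise well-formed process would need memory or module checks that a name/path/parent baseline alone cannot provide.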