Terminal Lab

Identify Running Processes

Learn to enumerate and analyze running processes on Linux and Windows systems — a critical skill for incident response.

Step-by-Step Guide

1 List All Processes

Display a snapshot of all running processes with detailed info.

ps aux

2 Real-time Process Monitor

View processes sorted by resource usage (CPU/Memory). Press 'q' to exit.

top

3 Process Tree View

See parent-child relationships between processes.

pstree

4 Find Specific Process

Search for a process by name (e.g., ssh, apache, nginx).

ps aux | grep ssh

5 Network Connections

Show listening TCP and UDP sockets with the PID and program that own each one; useful for finding backdoors. Run as root to see processes owned by other users.

netstat -tulnp

6 Open Files by Process

List files opened by a specific process (requires PID).

lsof -p 1
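
Steps 1 and 5 are most useful together: the PID in the last column of netstat -tulnp points at the ps aux row that gives the owner, CPU use and full command line. The script below is an added example, not part of the lab. Both sample outputs are constructed (the /tmp path and port 4444 are made up), and listeners is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: join `netstat -tulnp` listeners to their `ps aux` rows by PID.
# Both samples are constructed for illustration (path and port are made up).
sample_ps() { cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 168000 11000 ?        Ss   09:00   0:02 /sbin/init
root       812  0.0  0.2  15400  9000 ?        Ss   09:00   0:00 sshd: /usr/sbin/sshd -D
www-data  1044  1.2  0.8 210000 34000 ?        S    09:01   0:14 nginx: worker process
analyst   2301 87.5  0.3  12000  6000 pts/0    R    10:12   3:41 /tmp/notmalware --listen 4444
EOF
}
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd: /usr/sbin
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1044/nginx
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2301/notmalware
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -
EOF
}
# listeners PS_FILE NETSTAT_FILE   (hypothetical helper)
# prints one line per socket: proto local-address pid user %cpu command
listeners() {
  awk '
    NR == FNR {                          # first file: ps aux rows, keyed by PID
      if (FNR > 1) {
        cmd = $11; for (i = 12; i <= NF; i++) cmd = cmd " " $i
        user[$2] = $1; cpu[$2] = $3; cmdline[$2] = cmd
      }
      next
    }
    $1 ~ /^(tcp|udp)/ {                  # second file: netstat socket rows
      pid = "-"                          # "-" means the owner was hidden (not root)
      for (i = 6; i <= NF; i++)          # program name may contain spaces, so scan
        if ($i ~ /^[0-9]+\//) { split($i, owner, "/"); pid = owner[1]; break }
      if (pid in user)
        printf "%s %s %s %s %s %s\n", $1, $4, pid, user[pid], cpu[pid], cmdline[pid]
      else
        printf "%s %s - unknown - -\n", $1, $4
    }
  ' "$1" "$2"
}
tmp=$(mktemp -d)
sample_ps > "$tmp/ps.txt"; sample_netstat > "$tmp/net.txt"
listeners "$tmp/ps.txt" "$tmp/net.txt"
rm -rf "$tmp"
```

On a live host, save the real output with ps aux > ps.txt and netstat -tulnp > net.txt, then pass those two files to listeners.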

Challenges

Find the process using the most CPU
Identify a process listening on a network port
View the process tree to understand parent-child relationships
Find a suspicious process named "notmalware"

Complete all challenges to finish the lab.
