Endpoint Analysis using Windows tool - tasklist

tasklist is a built-in Windows command-line utility that lists every running process on the local computer or, with the /S switch, on a remote computer.

In an incident, attackers persist inside a compromised system by injecting malicious code into a legitimate process to avoid detection. Typical alerts from your organization's security product are that one of your endpoints is suspiciously connecting to an unknown server, or that a non-whitelisted process was spawned on one of your endpoints.

These are a few of the cases in which running processes are a good artifact for detecting host-based IOCs. To help responders triage such incidents quickly, Windows tasklist is a useful first tool.
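As an added example that is not part of the original post, the PowerShell below triages a tasklist snapshot against a baseline of expected image names for the host, flags anything outside it, and shows how tasklist /m can then enumerate the modules loaded by a flagged PID (the injection case above). The sample output, the baseline list and the LAB\alice account are constructed assumptions.

```powershell
# Added example: triage tasklist output against a known-good baseline.
# On a live host replace the constructed sample with:  $raw = tasklist /v /fo csv /nh
# Constructed sample of `tasklist /v /fo csv /nh` output (hypothetical values).
$raw = @'
"svchost.exe","1204","Services","0","12,340 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"explorer.exe","3320","Console","1","88,120 K","Running","LAB\alice","0:01:12","Program Manager"
"svch0st.exe","4412","Console","1","5,100 K","Unknown","LAB\alice","0:00:00","N/A"
"powershell.exe","5120","Console","1","60,400 K","Running","LAB\alice","0:00:05","Windows PowerShell"
'@

# Column names as `tasklist /v` prints them with headers (/nh drops the header line, so we supply it).
$header = 'Image Name','PID','Session Name','Session#','Mem Usage','Status','User Name','CPU Time','Window Title'
$procs = $raw | ConvertFrom-Csv -Header $header

# Baseline of image names expected on this host role (assumption; build it from a known-good snapshot).
$baseline = @('svchost.exe', 'explorer.exe', 'powershell.exe', 'csrss.exe', 'lsass.exe')

# Anything not in the baseline is a triage candidate; lookalike names such as svch0st.exe land here.
$findings = foreach ($p in $procs) {
    if ($baseline -notcontains $p.'Image Name') {
        [pscustomobject]@{
            PID    = $p.PID
            Image  = $p.'Image Name'
            User   = $p.'User Name'
            Reason = 'image not in baseline'
        }
    }
}

$findings | Format-Table -AutoSize

# Next step for each finding: list the DLLs loaded in that process, which is where injected
# code shows up. Only runs where tasklist exists (i.e. on the Windows host being triaged).
foreach ($f in $findings) {
    $cmd = "tasklist /m /fi `"PID eq $($f.PID)`""
    Write-Host "Modules for PID $($f.PID) ($($f.Image)): $cmd"
    if (Get-Command tasklist -ErrorAction SilentlyContinue) {
        tasklist /m /fi "PID eq $($f.PID)"
    }
}
```

Use `tasklist /S <host> /U <user>` in place of the local call to take the same snapshot from a remote endpoint.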