Episode 42 — Indicators of Compromise: Hashes, Domains, Timestamps, Log Manipulation, and Impossible Travel

This episode covers indicators of compromise as clues that help analysts connect events to malicious activity. Students should understand how file hashes identify known-malicious files, how IP addresses and domains reveal command-and-control or phishing infrastructure, how unexpected processes show that something executed, and how file system artifacts show persistence or staging. Timestamps let an analyst reconstruct the order of events, while log manipulation (cleared logs, gaps, or altered entries) may indicate an attacker trying to hide their actions. Excessive resource consumption, plaintext credentials or other sensitive strings, account lockouts, impossible travel (logins from locations too far apart for the time between them), and concurrent sessions for one account can also point to compromise. For exam scenarios, the key is not memorizing one clue in isolation but combining evidence from logs, endpoints, networks, and identity systems to determine what happened.

Produced by BareMetalCyber.com, where you'll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with. And don't forget Cyberauthor.me for the companion study guide and flash cards!
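As an added worked example (not material from the episode or from BareMetalCyber.com), the script below runs three of the identity indicators mentioned above over a small set of constructed authentication events and then groups the findings per account, which is the "combine the evidence" step the episode stresses. The events, the 900 km/h travel ceiling, the 50 km floor that ignores GeoIP jitter, and the five-failures-in-ten-minutes lockout threshold are all assumptions chosen for illustration; latitude and longitude are assumed to have been added by an upstream GeoIP enrichment step.

```python
import math
from datetime import datetime, timedelta

# Constructed sample authentication events (hypothetical, not real logs).
# lat/lon are assumed to come from an upstream GeoIP enrichment step;
# this example performs no lookups of its own.
EVENTS = [
    {"user": "alice", "ts": "2024-05-01T08:00:00Z", "action": "login_success",
     "src_ip": "203.0.113.10", "lat": 51.50, "lon": -0.12, "session": "s1"},
    {"user": "alice", "ts": "2024-05-01T08:40:00Z", "action": "login_success",
     "src_ip": "198.51.100.7", "lat": 40.71, "lon": -74.01, "session": "s2"},
    {"user": "alice", "ts": "2024-05-01T09:30:00Z", "action": "logout",
     "src_ip": "203.0.113.10", "lat": 51.50, "lon": -0.12, "session": "s1"},
    {"user": "carol", "ts": "2024-05-01T10:00:00Z", "action": "login_success",
     "src_ip": "192.0.2.44", "lat": 48.85, "lon": 2.35, "session": "s3"},
    {"user": "carol", "ts": "2024-05-01T12:00:00Z", "action": "logout",
     "src_ip": "192.0.2.44", "lat": 48.85, "lon": 2.35, "session": "s3"},
    {"user": "carol", "ts": "2024-05-01T13:00:00Z", "action": "login_success",
     "src_ip": "203.0.113.10", "lat": 51.50, "lon": -0.12, "session": "s4"},
]
# Six failed logins for bob inside five minutes: the pattern behind a lockout.
EVENTS += [{"user": "bob", "ts": f"2024-05-01T09:0{i}:00Z", "action": "login_failure",
            "src_ip": "192.0.2.5", "lat": None, "lon": None, "session": None}
           for i in range(6)]


def parse_ts(s):
    # Accept the trailing "Z" on older Pythons by spelling it as an offset.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=50.0):
    """Flag consecutive successful logins whose implied speed exceeds max_kmh.
    Hops shorter than min_km are ignored so GeoIP jitter does not fire the rule."""
    by_user = {}
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if e["action"] == "login_success" and e["lat"] is not None:
            by_user.setdefault(e["user"], []).append(e)
    hits = []
    for user, logins in by_user.items():
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            hours = (parse_ts(cur["ts"]) - parse_ts(prev["ts"])).total_seconds() / 3600
            speed = math.inf if hours == 0 else km / hours  # zero elapsed time: still impossible
            if speed > max_kmh:
                hits.append({"user": user, "from": prev["src_ip"], "to": cur["src_ip"],
                             "km": km, "kmh": speed})
    return hits


def concurrent_sessions(events, now=None):
    """Flag overlapping sessions for one user from different source IPs.
    A session with no logout is treated as still open (it ends at `now`)."""
    now = now or max(parse_ts(e["ts"]) for e in events)
    sessions = {}  # (user, session id) -> [start, end, src_ip]
    for e in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if e["session"] is None:
            continue
        key, t = (e["user"], e["session"]), parse_ts(e["ts"])
        if e["action"] == "login_success":
            sessions[key] = [t, None, e["src_ip"]]
        elif e["action"] == "logout" and key in sessions:
            sessions[key][1] = t
    by_user = {}
    for (user, sid), (start, end, ip) in sessions.items():
        by_user.setdefault(user, []).append((sid, start, end or now, ip))
    hits = []
    for user, ss in by_user.items():
        for i in range(len(ss)):
            for j in range(i + 1, len(ss)):
                a, b = ss[i], ss[j]
                # Different IPs and the intervals overlap.
                if a[3] != b[3] and a[1] < b[2] and b[1] < a[2]:
                    hits.append({"user": user, "sessions": sorted([a[0], b[0]])})
    return hits


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Flag users with >= threshold failures inside a sliding window
    (the activity that produces an account lockout)."""
    by_user = {}
    for e in events:
        if e["action"] == "login_failure":
            by_user.setdefault(e["user"], []).append(parse_ts(e["ts"]))
    hits = []
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append({"user": user, "failures": end - start + 1,
                             "first": times[start].isoformat()})
                break
    return hits


def correlate(events):
    """Group every indicator by user so one account's evidence is read together."""
    findings = {}
    for kind, rule in (("impossible_travel", impossible_travel),
                       ("concurrent_sessions", concurrent_sessions),
                       ("failed_login_burst", failed_login_bursts)):
        for hit in rule(events):
            findings.setdefault(hit["user"], {}).setdefault(kind, []).append(hit)
    return findings


if __name__ == "__main__":
    for user, kinds in correlate(EVENTS).items():
        print(user, {k: len(v) for k, v in kinds.items()})
```

On the constructed data, alice trips both the impossible-travel rule (London to New York in forty minutes) and the concurrent-session rule (session s1 is still open when s2 starts from a different IP), bob trips the failed-login burst, and carol's Paris-to-London hop three hours apart is within the speed ceiling, so she is not flagged. The per-user grouping is the part that matters for a scenario question: two weak indicators on the same account are a much stronger signal than either alone.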