Security+ Academy · Lesson

Indicators of Compromise (IoC)

Learn to recognize IoCs — file hashes, IP addresses, domain names, and behavioral patterns — that signal a potential breach or attack.

What Are Indicators of Compromise?

Indicators of Compromise (IoCs) are the digital fingerprints attackers leave behind. Teams collect them to build detections and hunt for signs of an attack.

File-Based IoCs: Hashes

A file hash is a precise IoC — match a file's hash to known malware and it's almost certainly bad. But changing one byte changes the hash, so it's brittle.

# Compute SHA-256 hash of a suspected malicious file
sha256sum suspicious_file.exe
# Output: 4a5678bc...  suspicious_file.exe

# Search for this hash in threat intelligence platforms
# curl 'https://www.virustotal.com/api/v3/files/4a5678bc...' -H 'x-apikey: KEY'

# Windows equivalent
Get-FileHash suspicious_file.exe -Algorithm SHA256
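
The hash match described above, and its brittleness, as an added example in Python (not part of the original lesson): it streams every file under a directory through SHA-256 and compares the result against a set of known-bad hashes. The function names, the feed format (one hex SHA-256 per line, `#` for comments) and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large samples never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_ioc_hashes(lines):
    """Parse a feed (assumed format: one SHA-256 per line, '#' comments)."""
    hashes = set()
    for line in lines:
        value = line.split("#", 1)[0].strip().lower()  # feeds mix upper/lower case
        if len(value) == 64 and all(c in "0123456789abcdef" for c in value):
            hashes.add(value)  # malformed entries are dropped, not trusted
    return hashes

def sweep(root, ioc_hashes):
    """Return (relative path, hash) for each file under root that matches an IoC."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            try:
                file_hash = sha256_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if file_hash in ioc_hashes:
                hits.append((str(path.relative_to(root)), file_hash))
    return hits

def demo():
    """Constructed data: a harmless byte string stands in for a known-bad file."""
    sample = b"constructed stand-in for a known-bad sample\n"
    feed = ["# constructed IoC feed", hashlib.sha256(sample).hexdigest().upper(), "not-a-hash"]
    iocs = load_ioc_hashes(feed)
    with tempfile.TemporaryDirectory() as root:
        Path(root, "a").mkdir()
        Path(root, "a", "exact_copy.bin").write_bytes(sample)
        Path(root, "one_byte_changed.bin").write_bytes(sample + b"\x00")
        Path(root, "unrelated.txt").write_bytes(b"hello")
        return sweep(root, iocs)

if __name__ == "__main__":
    for rel_path, file_hash in demo():
        print(f"MATCH {file_hash}  {rel_path}")
```

Only the byte-for-byte copy is reported; the file with one extra byte produces a different hash and goes unmatched.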
