YoVDO

Scheduled Task

Offered By: Cybrary

Tags

Privilege Escalation Courses Cybersecurity Courses Threat Detection Courses Defensive Security Courses Offensive Security Courses

Course Description

Overview

All major operating systems provide utilities that enable the scheduling of programs to run at certain times. When adversaries can access this task-scheduling capability, they can use it to execute programs on a scheduled basis in order to maintain persistence or conduct their ultimate attack objectives. Adversaries can also use this capability to run programs under a specified account with elevated privileges in order to gain privilege escalation. As such, the Scheduled Task technique is useful to adversaries in many scenarios.

You can see how important it is to learn how to detect and mitigate this activity.

Get the hands-on skills you need to detect and mitigate this attack in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the financially motivated threat group FIN10. Prevent adversaries from accomplishing the tactics of Execution, Persistence, and Privilege Escalation in your environment today.

What will I be able to accomplish after taking these courses?

  • You will be able to identify and validate critical threats related to threat actor attempts to exfiltrate your organization’s valuable data and potentially attempt to extort your organization for financial gain.
  • You will be able to use a SIEM tool to identify indicators of compromise and validate whether they should be investigated further.
  • You will learn response and mitigation recommendations to keep your organization safe.

What are the prerequisites for these courses?

  • Intermediate-level knowledge of defensive security is required. You should have some experience as a security engineer, SOC or security analyst, or similar role.
  • Familiarity with using a SIEM tool, like Splunk or ELK is strongly recommended.
  • Experience using command-line tools is required.
  • Cybrary's MITRE ATT&CK Defender (MAD) ATT&CK Fundamentals Course is recommended.
  • A basic understanding of offensive security is beneficial. Those who have taken our Offensive Penetration Testing course or our OWASP Top Ten series of courses will be well prepared in this area.

Syllabus

  • Scheduled Task
    • What is the Scheduled Task Technique?
    • Hands-On Detection (Lab)

Taught by

Matthew Mullins and Owen Dubiel

Related Courses

CVE Series: HiveNightmare (CVE-2021-36934)
Cybrary
CVE Series: MSHTML Vulnerability (CVE-2021-40444)
Cybrary
Introduction to IT & Cybersecurity
Cybrary
Local Accounts
Cybrary
Obtain Capabilities: Tool
Cybrary