ath0: "#hack100days : day 18d : Looked at MITRE ATT&CK t…" - CounterSocial

ath0 @[email protected]

#hack100days : day 18d : Looked at MITRE ATT&CK technique T1547.001 (https://attack.mitre.org/techniques/T1547/001/) for more scoop on scheduled tasks and run keys. Poked at schedtsk and powershell commands for tasks. Not seeing how to use cli to set up a task triggering off of eventid 4800. I found this article, https://cyber.wtf/2022/06/01/windows-registry-analysis-todays-episode-tasks/, which suggests doing it manually on a lab box, export it, and then import via cli on the target. So, this will be something to lab up. #redteam #infosec #persistence #cososec

Jan 21, 2023, 03:26 · 0· 0· 1

Sign in to participate in the conversation