Hunting for Persistence with Cympire: Part II — Scheduled Tasks

Hey friend, welcome to this short series on hunting for persistence!

In this series, I have joined up with the team at Cympire to teach you how to hunt for adversary persistence mechanisms in your environment. Cympire is “The Most Advanced Cybersecurity Training & Assessment Platform” and it will provide you with a virtualized battleground to test your cyber capabilities!

Each entry in this series will cover a persistence mechanism adversaries use in the real world to maintain access to systems they compromise. Accompanying this will be a gamified scenario where you can practice the skills you learn for FREE. So let’s dig in and upskill our threat hunting capabilities!

Once an attacker gains initial access to a machine they will try to keep this access by installing a persistence mechanism. There are many ways an adversary can maintain persistence, but this series will cover:
1. Registry Run Keys — where attackers will add registry keys to automatically start a program when the system boots.
2. Scheduled Tasks — where attackers will schedule a task to automatically run a program at specific intervals.
3. Services —…