The Case of the Disappearing Scheduled Task

preview_player
Показать описание
This episode is based upon a Microsoft Detection and Response (DART) blog post (see Resources section). I, along with two of my colleagues (Johnathan Sykes and Meaghan Bradshaw), performed extensive research regarding two different methods by which it is possible to create "hidden" Scheduled Tasks. While one of the methods has been discussed before, this research shows how it might be leveraged by a Threat Actor. The second technique, as best we can tell, is novel.

📖 Chapters

00:00 - Intro
01:18 - Demo

🛠 Resources

Tarrask Malware Uses Scheduled Tasks for Defense Evasion:

#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics
  1. 13Cubed
  2. forensics
  3. digital forensics
  4. DFIR
  5. Windows Scheduled Task
  6. Windows Scheduled Tasks
Рекомендации по теме
The Case of 1:04:52

The Case of the Disappearing Duchess | A Hercule Poirot Mystery

Ellie Charlotte & 0:26:24

Ellie Charlotte & Ben: The Case of the Disappearing Ice Cream!

Henry Reads Fancy 0:05:58

Henry Reads Fancy Nancy: The Case of the Disappearing Doll | Read Aloud Kids Books

The Case of 0:02:49

The Case of the Disappearing Bus Stop - pop, trap, hiphop, bass

5 Minute Easter 0:05:38

5 Minute Easter Stories: The Case of the Disappearing Easter Eggs Read Aloud Storytime| StorySquawk

Fancy Nancy: The 0:06:06

Fancy Nancy: The Case of the Disappearing Doll by Nancy Parent

The Creepiest Cases 0:24:42

The Creepiest Cases of People Disappearing

The Case of 0:11:27

The Case of the Disappearing of Special Things | Noddy Detective | Full Episode | Cartoons for Kids

🔍 Miss Marple 1:06:32

🔍 Miss Marple & The Mystery of the Vanishing Will | A Detective Story | Read by Hugh Fraser 🎧...

The Strange and 0:00:21

The Strange and Unsolved Disappearance of Lars Mittank!!! #crimefilms #crime #missing

The CREEPIEST Cases 0:23:05

The CREEPIEST Cases of People Disappearing

The Case of 0:00:29

The Case of the Disappearing Man

The Case of 0:01:02

The Case of the Disappearing Planet - Bays Mountain Planetarium Show Trailer HD

The Hooley Dooleys 0:05:01

The Hooley Dooleys - ABC-TV Series (1999) - The Case Of The Disappearing Cookies

❤️ Fancy Nancy 0:05:23

❤️ Fancy Nancy The Case of the Disappearing Doll ❤️ Disney Stories for Kids Read Aloud | READ ALONG...

Fishtronaut, The Case 0:12:42

Fishtronaut, The Case of the Disappearing Picnic Baskets

The case of 0:22:36

The case of the disappearing special things | Noddy Official

The Case of 0:03:31

The Case of the Disappearing Dollars🏦

Noddy Toyland Detective 0:11:00

Noddy Toyland Detective | The Case Of The Disappearing Rainbow | Full Episode

Fancy Nancy - 0:04:18

Fancy Nancy - The Case of The Disappearing Doll - Read Aloud Books for Toddlers, Kids and Children

The CREEPIEST Cases 0:20:22

The CREEPIEST Cases of People Disappearing

MATH MYSTERY CASE 0:01:15

MATH MYSTERY CASE OF THE DISAPPEARING DONUTS

Fancy Nancy: The 0:06:22

Fancy Nancy: The Case of the Disappearing Doll

Known cases of 0:00:24

Known cases of missing people from Germany..😳 #shorts

Комментарии
Автор

I can't get enough of these kinds of videos, especially with this quality. Keep 'em coming!

chaemelion
Автор

ehat a nice Tutorial.. thank you for it

ciaobello
Автор

great video as always. Got just a question for you. What if you delete everything in the opposite way, first the scheduled task.. does the task still run?

-Giuseppe
Автор

is this because the task is sitting in the registry (memory) on one of those transactional log files?

christophertharp
Автор

But how to delete this task if you could not see it?

AbdallahMohamed-hnvk
Автор

Clearly the service just reads in the configs at start or when a new task is scheduled. Lots of programs work like this as they don’t constantly monitor the registry

kerbalette
Автор

Restart the computer, but the malicious scheduled task continues to run, it seems that they injected some code into the svchost dll

saulvilcavillena
join shbcf.ru