“…Version\Schedule\TaskCache” - "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" - "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" There are many, many more registry keys that you could check, but this is a good starting place. You want t…”
T1547.001 Registry Run Keys / Startup Folder (92%)
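The Run/RunOnce check the excerpt above describes, as an added PowerShell example that is not code from the Huntress post. It walks the keys the excerpt names plus their HKCU and WOW6432Node siblings, resolves each value to the file it actually launches, and flags entries that are unsigned, live under a user-writable directory, or hand a payload to a script host. The directory pattern, the script-host list and the function names are assumptions for this example.

```powershell
# Added example, not code from the Huntress post: enumerate the Run / RunOnce
# keys the post names (plus their HKCU and WOW6432Node siblings), resolve each
# value to the executable it launches, and flag the entries worth a closer look.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumptions to tune per environment: directories a legitimate autostart rarely
# runs from, and interpreters that usually mean "the payload is the argument".
$userWritablePath = '\\(AppData|Temp|ProgramData|Public|Downloads)\\'
$scriptHosts      = '(?i)\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|msiexec)\.exe'

function Resolve-AutorunImage {
    # Turn a Run value ("C:\Program Files\x\y.exe" /q, or an unquoted path with
    # spaces) into the file that actually starts, trying progressively longer
    # prefixes of an unquoted command line the way CreateProcess does.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    $tokens = $expanded -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        foreach ($c in @($candidate, "$candidate.exe")) {
            if (Test-Path -LiteralPath $c -PathType Leaf) { return $c }
        }
    }
    return $tokens[0]   # could not resolve; hand the first token back for the analyst
}

function Get-AutorunFindings {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            if (-not $cmd) { continue }
            $image  = Resolve-AutorunImage $cmd
            $exists = Test-Path -LiteralPath $image -PathType Leaf
            $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $image).Status } else { 'MissingFile' }
            $flags  = @()
            if ("$sig" -ne 'Valid')              { $flags += "signature:$sig" }
            if ($image -match $userWritablePath) { $flags += 'user-writable-path' }
            if ($cmd -match $scriptHosts)        { $flags += 'script-host' }
            [pscustomobject]@{
                Key     = $key -replace '^HK(LM|CU):', 'HK$1'
                Name    = $name
                Image   = $image
                Flags   = $flags -join ','
                Command = $cmd
            }
        }
    }
}

# Flagged entries first; unflagged ones still print so the analyst sees the whole list.
Get-AutorunFindings | Sort-Object { $_.Flags -eq '' }, Key | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so HKLM and the WOW6432Node keys are readable. A "MissingFile" flag is worth a look on its own: a Run value whose target no longer exists is either cleanup debris or a path an attacker can reclaim. An unflagged row is not a clean bill of health; the flags only order the list, and a signed binary in Program Files can still be a legitimate tool being abused.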
“(PID)/executable making the connection or opening the listening port. Start by looking for processes that should never make network connections or ports that seem very obviously bad (think 1337). When you find one, note the PID and go back to your process list to see where …”
T1049 System Network Connections Discovery (54%)
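The netstat-to-PID-to-process walk the excerpt above describes, as an added PowerShell example that is not code from the Huntress post. Get-NetTCPConnection supplies each socket and its owning PID, and a single Win32_Process snapshot supplies the image path and parent, so the "go back to your process list" step is done in the same pass. The suspect-port list (1337 is the excerpt's own example), the "never network" binaries, the script-host pattern and the function name are assumptions for this example.

```powershell
# Added example, not code from the Huntress post: the netstat -> PID -> process
# list walk the post describes, done in one pass. Get-NetTCPConnection supplies
# the socket and owning PID; Win32_Process supplies the image path, command
# line and parent so the "go back to your process list" step is already done.

# One PID -> process map so every connection is annotated without re-querying.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Assumptions to tune per environment. 1337 is the post's own example of an
# obviously bad port; the others are common C2/RAT defaults. The "never
# network" list is a starting point, not a claim these binaries cannot talk.
$suspectPorts     = @(1337, 4444, 5555, 31337)
$neverNetwork     = @('notepad.exe', 'calc.exe', 'mspaint.exe', 'charmap.exe')
$scriptHosts      = '^(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|certutil)\.exe$'
$userWritablePath = '\\(AppData|Temp|ProgramData|Public|Downloads)\\'

function Get-ConnectionFindings {
    Get-NetTCPConnection | Where-Object { $_.State -in @('Listen', 'Established') } | ForEach-Object {
        $conn   = $_
        $p      = $procs[[int]$conn.OwningProcess]
        $name   = if ($p) { $p.Name } else { '<exited>' }   # PID no longer in the process list
        $parent = if ($p -and $procs.ContainsKey([int]$p.ParentProcessId)) { $procs[[int]$p.ParentProcessId].Name } else { '?' }
        $why = @()
        if ($name -in $neverNetwork)                                                { $why += 'process-should-not-network' }
        if ($conn.State -eq 'Listen'      -and $conn.LocalPort  -in $suspectPorts)  { $why += 'suspect-listen-port' }
        if ($conn.State -eq 'Established' -and $conn.RemotePort -in $suspectPorts)  { $why += 'suspect-remote-port' }
        if ($conn.State -eq 'Established' -and $name -match $scriptHosts)           { $why += 'script-host-outbound' }
        if ($p -and $p.ExecutablePath -match $userWritablePath)                     { $why += 'user-writable-path' }
        [pscustomobject]@{
            PID     = $conn.OwningProcess
            Process = $name
            Parent  = $parent
            State   = $conn.State
            Local   = "$($conn.LocalAddress):$($conn.LocalPort)"
            Remote  = "$($conn.RemoteAddress):$($conn.RemotePort)"
            Path    = if ($p) { $p.ExecutablePath } else { '' }
            Reasons = $why -join ','
        }
    }
}

# Flagged rows first, then everything else, so the analyst still sees the full picture.
Get-ConnectionFindings | Sort-Object { $_.Reasons -eq '' }, PID | Format-Table -AutoSize
```

Run it elevated, otherwise ExecutablePath is blank for processes owned by other users and the path check silently passes. Get-NetTCPConnection covers TCP only; listening UDP sockets come from Get-NetUDPEndpoint and can be joined to the same $procs map. A row with an empty Reasons column is not cleared, it is just lower on the list: the useful next step is comparing the whole table against a known-good baseline from a clean host of the same build.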
“Comprehensive forensic investigation before any form of triage to ensure the accurate preservation and interpretation of volatile artifacts. Learning what to look for and determining unusual behavior takes repetition, a keen eye, and an appropriate toolset. Thankfully, Microsoft …”
T1595 Active Scanning (43%)
“Threat Hunting and Tactical Malware Analysis | Huntress What are the basics of threat hunting and malware analysis? Our experts sought to answer this burning question in a recent episode of Tradecraft Tuesday, featuring Huntress' lead threat hunter Anthony Smith and senior secur…”
T1592 Gather Victim Host Information (41%)
T1053.005 Scheduled Task (32%)
“re curious about learning more or starting your journey, check out these resources below. Resources - Process list (tasklist): https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tasklist - Network connections (netstat): ht…”
Summary
Dive into the basics of threat hunting and tactical malware analysis, and learn how these two practices go hand in hand in cybersecurity.