Professional Documents
Culture Documents
Making Defensive Recommendations Guided Exercise
Making Defensive Recommendations Guided Exercise
⁃ Spearphishing Attachment
⁃ Spearphishing Link
⁃ Scheduled Task
⁃ Scripting
⁃ User Execution
⁃ Registry Run Keys/Startup Folder
⁃ Network Service Scanning
For this exercise, we’re going to be working with T1053 - Scheduled Task
Based on the Detection portion of the Scheduled Task page what kind of
resources can be monitored to detect a new Scheduled Task being added?
5. Make recommendations
Based on the tradeoffs you analyzed in 4., what defensive options would you
recommend?
Would they cover the specific procedure you found from Cobalt Kitty in 1.?
©2019 The MITRE Corporation. ALL RIGHTS RESERVED. Approved for public
release. Distribution unlimited 18-1528-44.