DFSP # 430 - Targeting Tasks
Windows Scheduled Tasks are often used by attackers to establish persistence. As an analyst, you want to be aware of the different windows event codes that record these details. These artifacts come up in just about every windows compromise assessment, consider them core triage skills. There are several events, all of which I will go over in this episode. I will break them down from a DFIR point of view and give you the triage methodology...