Sai Molige is a SOC Threat Hunting Lead for Cysiv LLC/ForeScout. Sai received his Master of Science in Information Assurance with Cyber Security as a major. He has 3+ years of experience in information security, working in different domains such as network, endpoint, and cloud security. Apart from his daily job, he is very keen on constantly improving himself, either by attending external classes and/or by attending various conferences. He holds the SANS GIAC GCDA, GNFA, GNFE, and GCIH certifications. He volunteers at different organizations to give back to the community, which helps him grow constantly.
Once an adversary has gained a foothold, they typically want to keep their access and establish persistence. Scheduled tasks are one of the most commonly used persistence techniques in adversary intrusions, and for good reason. In this session we take a look at Scheduled Tasks. We start with the basics, and then learn how to create a hypothesis to conduct a threat hunt. In the end, we'll take a stab at detection engineering concepts surrounding the creation and revision of detections/analytics from the telemetry we obtain while hunting this technique.
Project Obsidian is an immersive, defensive cybersecurity learning experience.