Overview
In this 19-minute cybersecurity video, learn how to hunt for evidence of adversaries establishing persistence in your environment with Andrew Prince from Cyber Mentor. Discover the telltale signs of malware implants and common persistence techniques hackers use. The tutorial covers critical areas including autostart locations, hunting run keys, Windows services, service failure recovery abuse, scheduled tasks, and WMI event consumers. Follow along with practical demonstrations of creating and hunting WMI event consumer backdoors, complete with code examples. Gain valuable threat hunting skills that build on concepts covered in SOC 101, helping security professionals detect intrusions more effectively by understanding these common persistence methods used by attackers.
Syllabus
0:00 - Introduction
0:38 - Autostart Locations
3:30 - Hunting Run Keys
5:49 - Windows Services
9:09 - Abusing Service Failure Recovery
10:15 - Scheduled Tasks
11:03 - Hunting Scheduled Tasks
11:58 - WMI Event Consumers
14:37 - Creating and Hunting WMI Event Consumer Backdoors
18:21 - Conclusion
Taught by
The Cyber Mentor