Skip to content
PwnDefend
  • Base
  • Comms Room
    • Customer Feedback
    • Company Information
    • Security Management
  • Services
    • Consulting Services
      • Enterprise Security Posture Assessment
      • Cyber Security Assurance & Security Testing Services
      • IT Security Healthchecks
      • Active Directory Assessment Services
      • Managed Remediation Services
    • Emergency Cyber Incident Response Support
    • Our Success Stories
    • Partner Services
  • Blog
  • Privacy
Uncategorized

Hunting for New Group Policies Where Scheduled Tasks are…

A common way to deploy an encryption routine used in Ransomware scenarios is to create a scheduled task to launch a cyptor exe. This is commonly deployed via a Group Policy Object (GPO).

So I wanted to look at how with Microsoft Defender for Endpoint (MDE) we could detect this both on domain controllers but also on CLIENT devices (MEMBER SERVERS/PCs)

Read more “Hunting for New Group Policies Where Scheduled Tasks are used” →
Uncategorized

Malicious Scheduled Tasks

A very common technique in ransomware scenarios is the deployment of Scheduled Tasks via Group Policy object.

So I thought I’d start to post some content around this. To start with I was looking locally to enable the following:

“Show me all the command lines used in scheduled tasks on Windows with PowerShell”

So I knocked up this really simple proof of concept (there are other ways to write this obvs)

Read more “Malicious Scheduled Tasks” →

Recent Posts

  • Why is security so hard?
  • Virtual Desktop Infrastructure (VDI) & Cyber Essentials
  • Technology in the Wild
  • CrackMapExec (CME) on Windows
  • Ransomware + Mega = Mega Cyber Pain

Recent Comments

No comments to show.

Archives

  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • March 2020
  • February 2020
  • January 2020
  • October 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Categories

  • Architecture
  • Breach
  • Company News
  • CTF
  • Defence
  • Defense
  • Education
  • Guides
  • Hacking
  • Leadership
  • News
  • OSINT
  • Reviews
  • Strategy
  • Threat Intel
  • Uncategorized
  • Vulnerabilities
Copyright (c) Xservus Limited
Theme by Colorlib Powered by WordPress