Persistence via Windows Services

Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for blending malicious code execution in with legitimate Windows functions. In this course, learn how to prevent adversaries from gaining persistence.

Time: 1 hour 25 minutes
Difficulty: Intermediate
CEU/CPE: 1

Course Content
Campaign Overview - 10m

2.1 What is the “Create or Modify System Process: Windows Service” Sub-Technique? - 15m

2.2 Detection, Validation, and Mitigation (Lab) - 1h

Course Description

TA0003 Persistence is the general group of techniques used by an adversary to retain access to a compromised system in a way that should survive a reboot and other common disruptions to running processes. This course will explore the T1543 Create or Modify System Process technique, more specifically the .003 Windows Service sub-technique.

Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to the tactics and techniques used by the threat group APT41 (aka Double Dragon). Prevent adversaries from accomplishing the tactic of persistence.

Instructed By
Chris Daywalt

Security Freelancer

Instructor
Matthew Mullins

Technical Manager, Red Team

Instructor
Provider
Cybrary
Certificate of Completion
Complete this entire course to earn a Persistence via Windows Services Certificate of Completion