Malware often seeks to use the auto-start mechanism on a machine to persist, reloading at system startup or pre-defined schedules. On Linux, this mechanism is known as the cronjob scheduling facility and is often used by attackers to ensure they maintain their connection to the infected server or machine. Learn to use your crontab on a Linux machine and advance your abilities to detect persistence in Linux.
Learning Objectives
Learn to use your crontab on a Linux machine and advance your abilities to detect persistence in Linux.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cyber Defense Analysis
- Cyber Defense Infrastructure Support
- Cyber Investigation
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.