January 9, 2021

Investigation of the Malware Persistence on Boot


The Windows Registry is a hierarchical database that stores low-level settings for the Microsoft Windows operating system and for applications that opt to use the registry at run time. Adversaries use various techniques to achieve persistence on the network and connect back to their CnC (Command and Control) server. The most common way is to modify registry key values.

What are Run keys in the Registry?

The registry holds a set of keys that handle operating system settings for device drivers, services, the Security Accounts Manager, the user interface, etc. Adding a new string value under a Run key causes a specific program to execute at boot or user logon.
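
The following PowerShell, added here as an illustration and not taken from the original article, lists the values under the common Run and RunOnce keys and marks entries that launch from user-writable directories or through script hosts. The key list, the review patterns and the function name `Get-RunKeyEntry` are assumptions chosen for this example.

```powershell
# Added example: enumerate Run/RunOnce autostart values for triage.
# The key list and review heuristics below are assumptions, not an exhaustive set.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Commands matching these regexes are marked for review: user-writable
# directories and interpreters that can run arbitrary scripts or DLLs.
$reviewPatterns = @(
    '\\AppData\\', '\\Temp\\', '\\Users\\Public\\', '\\ProgramData\\',
    '\b(powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(\.exe)?\b'
)

function Get-RunKeyEntry {
    param([string[]]$Path = $runKeys)
    foreach ($key in $Path) {
        # A key may be absent (for example RunOnce on a clean profile); skip it.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # GetValue expands %VAR% references, so path patterns match the real location.
            $command = [string]$item.GetValue($name)
            $hits = $reviewPatterns | Where-Object { $command -match $_ }
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Review  = [bool]$hits
                Reason  = ($hits -join '; ')
            }
        }
    }
}

# Entries marked for review are listed first.
Get-RunKeyEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

A marked entry is a lead for investigation, not a verdict: legitimate software also starts from `AppData` and `ProgramData`, so compare the output against a known-good baseline for the host.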

Continue reading [https://socinvestigation.com/investigation-of-the-malware-persistence-on-boot/](https://socinvestigation.com/investigation-of-the-malware-persistence-on-boot/)
