A collection of cybersecurity content.

Tag: persistence

  • Modifying User and System Shell Folder Paths: Collecting Evidence

    Intro: User and System Shell folders are a bunch of folders in Windows used to store a lot of the user’s personal data and settings. You most likely know these as Desktop, Start Menu, My Documents, and Startup folders. There are many others but those are some of the most popular. These locations are also […]

  • Registry Run Keys: Maintaining Persistence

    Intro: Want to start Outlook on login? Easy. Start malware on login… even in safe mode? Just as easy. Registry run keys in Windows help start programs, scripts, or commands when your computer boots up or when you log in. They make managing apps and services easier when it comes to IT management or enhancing the […]

  • Scheduled Tasks: Collecting Evidence

    Intro: Scheduled tasks are a valuable feature in Windows that enables users to schedule specific actions on their systems at desired times. This feature allows users to start designated programs at login, reboot their computers on a set schedule, and execute custom commands or scripts. However, this feature can also be exploited by adversaries to […]

  • Startup Folders: Persistence on Windows

    Intro: The Startup folder in Windows is a location that plays an important role in the functioning of a system. Essentially, it contains shortcuts to applications that are automatically launched when a user logs in to the system. This can be a convenient way for IT teams to automate various tasks and ensure necessary software […]

  • Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Intro: Shortcuts, also known as symbolic links, are simple files that provide convenient access to frequently used programs. These files are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts as they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]