A collection of cybersecurity content.

Tag: T1547

  • Registry Run Keys: Maintaining Persistence

    Registry Run Keys: Maintaining Persistence

    Intro Want to start Outlook on login? Easy. Start malware on login…even in safe mode? Just as easy. Registry run keys in Windows help start programs, scripts, or commands when your computer boots up or when you log in. They make managing apps and services easier when it comes to IT management or enhancing the […]

  • Startup Folders: Persistence on Windows

    Startup Folders: Persistence on Windows

    Intro The Startup folder in Windows is a location that plays an important role in the functioning of a system. Essentially, it contains shortcuts to applications that are automatically launched when a user logs in to the system. This can be a convenient way for IT teams to automate various tasks and ensure necessary software […]

  • Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Hunting Shortcut Files: Mapping “.LNKs” to a Target File

    Intro Shortcuts, also known as symbolic links, are simple files that provide convenient access to frequently used programs. These files are popular among users for their ease of use and accessibility. However, adversaries are also drawn to shortcuts as they provide a covert method for executing malicious programs. By disguising commands and harmful software within […]