Pesky Persistence: How "Turning It Off and On Again" May Not Solve Your Problem
Anyone who uses a computer has heard the old "have you tried turning it off and on again?" offered as a fix for whatever is going wrong; however, there are times when a reboot or a "hard reset" doesn't eradicate the source of the woes plaguing the user. In this week's blog post, we delve into persistence mechanisms and how malware can survive a reboot.
What is persistence?
Persistence, as defined by MITRE, is "the adversary trying to maintain their foothold." It's a way for threat actors to reduce the odds of losing their access to a system, and it also automates code execution on the target system. A wide array of techniques can be leveraged to achieve this, and we'll cover some of those below.
Registry autorun keys
- Automatic (Delayed)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
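To make the Browser Helper Objects key above concrete for defenders, here is an added example (not code from the original post) that audits it from an offline `.reg` export: each BHO subkey is named by a CLSID, and the DLL it loads is the default value of that class's `InprocServer32` key. The sample export, its CLSIDs and paths are constructed, the function names are hypothetical, and the "expected install roots" check is a triage heuristic assumed for this example.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects").lower()
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID".lower()
# Heuristic (assumption of this example): DLLs outside these roots need a closer look.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed sample in .reg export syntax; CLSIDs, names and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]
@="Example PDF Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\Example\\pdfhelper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\Public\\upd.dll"
'''

def parse_reg(text):
    """Return {lowercased key path: {value name: string data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'(@|"[^"]*")="(.*)"$', line)):
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg string data escapes backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_bhos(text):
    """Return (CLSID, DLL path or None, needs_review) for every registered BHO."""
    keys, findings = parse_reg(text), []
    for path in keys:
        clsid = path[len(BHO_KEY) + 1:]
        if not path.startswith(BHO_KEY + "\\") or "\\" in clsid:
            continue
        # Default value of InprocServer32 is the DLL; missing or non-string data stays None.
        dll = keys.get(f"{CLSID_KEY}\\{clsid}\\inprocserver32", {}).get("")
        review = dll is None or not dll.lower().startswith(EXPECTED_ROOTS)
        findings.append((clsid.upper(), dll, review))
    return findings

if __name__ == "__main__":
    for clsid, dll, review in audit_bhos(SAMPLE_EXPORT):
        print("REVIEW" if review else "ok    ", clsid, dll)
```

Exports written by regedit are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing its text to `audit_bhos`.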