Name
|
Modification of Registry Run Keys
|
Summary
|
An adversary adds a new entry to the "run keys" in the registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions.
|
Prerequisites
|
The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.
|
Solutions
|
Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
|
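A defender can detect the run-key change described in the summary by comparing a host's autostart entries against a known-good baseline. The Python code below is an added example, not part of the original entry: it assumes both snapshots are text captured with `reg query` against the standard Windows Run keys, and every value name, user name and path in the sample data is constructed.

```python
import re

# Constructed sample data in the layout printed by `reg query <key>`;
# the user name, value names and paths are invented for illustration.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
"""

CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Temp\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\upd.exe
"""

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): command} from `reg query` style output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            # Registry key and value names are case-insensitive.
            entries[(key.lower(), m["name"].lower())] = m["data"].strip()
    return entries

def diff_run_keys(baseline_text, current_text):
    """List (status, key, value_name, command) for entries new or changed since baseline."""
    base, cur = parse_reg_query(baseline_text), parse_reg_query(current_text)
    findings = []
    for (key, name), cmd in sorted(cur.items()):
        if (key, name) not in base:
            findings.append(("ADDED", key, name, cmd))
        elif base[(key, name)].lower() != cmd.lower():
            findings.append(("CHANGED", key, name, cmd))
    return findings

if __name__ == "__main__":
    for status, key, name, cmd in diff_run_keys(BASELINE, CURRENT):
        print(f"{status:8}{key}\\{name} -> {cmd}")
```

The `CHANGED` case matters as much as `ADDED`: an existing, trusted value name can be repointed at a different executable without creating a new entry.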