CAPEC-270 - CERT CVE
Name

Modification of Registry Run Keys

Summary

An adversary adds a new entry to the "run keys" in the registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions.

Prerequisites

The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.

Solutions

Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by using a process allowlist.
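
A defensive audit sketch for the technique summarized above, added here as an example and not part of the CAPEC entry: it parses `reg query` output for the standard Windows run keys and reports any value whose name and program path are not on an allowlist. The sample output, the allowlist contents and the function names are constructed for illustration.

```python
import re

# Standard Windows run-key locations (per-user and per-machine, incl. RunOnce).
RUN_KEY = re.compile(r"^HKEY_(CURRENT_USER|LOCAL_MACHINE)\\Software\\(WOW6432Node\\)?"
                     r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# `reg query` prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
EXE = re.compile(r"^(.+?\.(?:exe|dll|bat|cmd|ps1|vbs|js))(?:\s|$)", re.I)

def command_path(data):
    """Return the lower-cased program path from a run-key command line."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return (data[1:end] if end != -1 else data[1:]).lower()
    m = EXE.match(data)  # unquoted: cut at the first script/binary extension
    return (m.group(1) if m else data.split(" ", 1)[0]).lower()

def audit(reg_output, allowlist):
    """Return (key, value name, path) for run-key values not on the allowlist."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if not line.startswith(" "):  # key header or blank line
            key = line.strip() if RUN_KEY.match(line.strip()) else None
            continue
        m = VALUE.match(line)
        if key and m:
            path = command_path(m.group("data"))
            # Name and path must both match, so a repointed known entry is flagged.
            if allowlist.get(m.group("name").lower()) != path:
                findings.append((key, m.group("name"), path))
    return findings
# Constructed sample of `reg query` output and a constructed allowlist.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Roaming\upd.exe -q

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""
ALLOWLIST = {
    "onedrive": r"c:\program files\microsoft onedrive\onedrive.exe",
    "securityhealth": r"%windir%\system32\securityhealthsystray.exe",
}

if __name__ == "__main__":
    for key, name, path in audit(SAMPLE, ALLOWLIST):
        print(f"unlisted run-key value: {key}\\{name} -> {path}")
```

On the constructed sample only the `Updater` value is reported; changing the path of an allowlisted name causes that entry to be reported as well.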