当前位置:网站首页>[Red Team] ATT&CK - Auto Start - Registry Run Key, Startup Folder

[Red Team] ATT&CK - Auto Start - Registry Run Key, Startup Folder

2022-08-10 03:32:00 Thousands of miles :)

0x01 Foreword

An attacker can achieve persistence by adding the program to the startup folder or referencing it using the registry run key.

Adding an entry to the "run key" in the registry or in the startup folder will cause the referenced program to execute when the user logs in.These programs will execute in the context of the user, with the relevant privilege level of the account.

0x02Startup folder

Placing a program in the startup folder also causes the program to execute when the user logs in.There is a startup folder location for individual user accounts and a system-wide startup folder that will be checked no matter which user account is logged in.

Where: The current user's startup folder path is:

C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

<
原网站

版权声明
本文为[Thousands of miles :)]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/222/202208100202553773.html

边栏推荐

猜你喜欢

随机推荐