
Chasing Adversaries with Autoruns – Evading Techniques and Countermeasures

Sysinternals Autoruns is a great utility for defenders to discover and disable the persistence points of malware and adversaries. There are similar programs, but as the author of Autoruns says, “(Autoruns) has the most comprehensive knowledge of auto-starting locations”, so the focus here is on Autoruns.

In the last few weeks, a couple of security researchers (Kyle – @KyleHanslovan, Chris – @ChrisBisnett, HASHEREZADE – @hasherezade) have discovered that it’s possible to evade Autoruns when it is used with its default configuration. Always remember that determined attackers will work actively on hiding their activities within your network.

To better understand these techniques, we can group them into two categories: “Direct manipulation” and “Indirect manipulation”. Read this article to better understand these categories.
