Windows Registry Persistence Techniques without Registry Callbacks

A blog post on a technique I’ve been sitting on for almost 18 months that is wildly successful against all EDRs. Why? They don’t see anything other than the file write to %USERPROFILE% (NTUSER.MAN) and not the writes to HKCU, ultimately making it incredibly effective for medium integrity persistence through the registry without tripping detections.

submitted by /u/radkawar