Chasing Adversaries with Autoruns – evading techniques and countermeasures
https://blogs.technet.microsoft.com/motiba/2017/11/04/chasing-adversaries-with-autoruns-evading-techniques-and-countermeasures/
2017-11-08 04:01
Sysinternals Autoruns is a great utility for defenders to discover and disable malware and adversaries’ persistence points. There are similar programs, but as the author of Autoruns says: “(Autoruns) has the most comprehensive knowledge of auto-starting locations”, therefore the focus here is on Autoruns.
In the last few weeks, a couple of security researchers (Kyle - @KyleHanslovan, Chris - @ChrisBisnett, and HASHEREZADE - @hasherezade) have discovered that it’s possible to evade Autoruns when it is used with its default configuration. Always remember that determined attackers will work actively on hiding their activities within your network.
source: grugq