Hunting for Persistence with Cympire: Part I — Registry Run Keys
Hey friend, welcome to this short series on hunting for persistence!
In this series, I have joined up with the team at Cympire to teach you how to hunt for adversary persistence mechanisms in your environment. Cympire is “The Most Advanced Cybersecurity Training & Assessment Platform” and it will provide you with a virtualized battleground to test your cyber capabilities!
Each entry in this series will cover a persistence mechanism adversaries use in the real world to maintain access to systems they compromise. Accompanying this will be a gamified scenario where you can practice the skills you learn for FREE. So let’s dig in and upskill our threat hunting capabilities!
Once an attacker gains initial access to a machine, they will try to keep this access by installing a persistence mechanism. There are many ways an adversary can maintain persistence. This series will cover:
- Registry Run Keys — where attackers will add registry keys to automatically start a program when the system boots.
- Scheduled Tasks — where attackers will schedule a task to automatically run a…