Hunting for Persistence with Cympire: Part IV — Startup Folder

Hey friend, welcome to the final installment in this short series on hunting for persistence!

In this series, I have joined up with the team at Cympire to teach you how to hunt for adversary persistence mechanisms in your environment. Cympire is “The Most Advanced Cybersecurity Training & Assessment Platform” and it will provide you with a virtualized battleground to test your cyber capabilities!

Each entry in this series covers a persistence mechanism adversaries use in the real world to maintain access to systems they compromise. Accompanying this will be a gamified scenario where you can practice the skills you learn for FREE. So let’s dig in and upskill our threat hunting capabilities!

Once an attacker gains initial access to a machine they will try to keep this access by installing a persistence mechanism. There are many ways an adversary can maintain persistence, this series will cover:
1. Registry Run Keys — where attackers will add registry keys to automatically start a program when the system boots.
2. Scheduled Tasks — where attackers will schedule a task to automatically run a program at specific intervals…