PHASE RESULTS BY SCENARIO RUN

04:12 pm  On asset acad2753-un (172.16.14.57)

  Phase: Persistence Through Startup Folder
  Outcome: Failed
  Mitigation Recommendations:
    - Install or Verify Advanced Endpoint Security Technologies
    - Monitor and/or block anomalous registry changes
    - Employ Registry Protection Techniques

04:12 pm  On asset acad3485-prot (172.16.15.39)

  Phase: Persistence Through Startup Folder
  Outcome: Failed
  Mitigation Recommendations:
    - Install or Verify Advanced Endpoint Security Technologies
    - Monitor and/or block anomalous registry changes
    - Employ Registry Protection Techniques

PERSISTENCE THROUGH WINDOWS REGISTRY SCENARIO RESULTS
Detailed description, results and mitigation recommendations for this scenario.
DESCRIPTION: PERSISTENCE THROUGH WINDOWS REGISTRY

Many types of malware attempt to achieve persistence by creating or modifying Windows Registry key entries. These entries allow malware to load a malicious executable or DLL when a certain system action is carried out, usually on startup, but also when the browser is opened or a certain type of file is accessed.

This scenario mimics registry-based techniques that malware uses in order to achieve persistence on compromised systems. By creating the following registry keys, attackers would be able to automatically execute malicious binaries on system reboot or when other programs are executed, allowing them to keep the system compromised. It is important for a security analyst to keep track of the following registry entries and monitor them so that only legitimate software is using them.

The scenario will attempt to create these registry entries and, if successful, remove them immediately. If the registry keys are created, the attack will be set as successful. The attack will be set as failed otherwise.
SCENARIO RESULTS BY ASSET (LAST RUN)