ManderVoronwe / soc-g3


Adding something to the Startup folder #14

Open tidalwaave opened 11 months ago

tidalwaave commented 11 months ago

Medium

tidalwaave commented 11 months ago

C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

tidalwaave commented 11 months ago

https://labs.withsecure.com/publications/attack-detection-fundamentals-code-execution-and-persistence-lab-2

tidalwaave commented 11 months ago

index=* source="WinEventLog:Sysmon"
EventCode=11
(TargetFilename="C:\\Users\\*\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*"
OR TargetFilename="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*")

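As an added example (not code from the soc-g3 repository or from tidalwaave), the same detection expressed in Python over constructed Sysmon Event ID 11 records. It matches both Startup folders named in the comments above, keeps a trailing wildcard so that the full file path recorded in TargetFilename can match (a pattern ending at the directory name would never fire, because TargetFilename is the created file, not its folder), and compares case-insensitively as Windows does. The SysmonEvent class, the sample events and the function names are assumptions.

```python
"""
Detection logic for Sysmon Event ID 11 (FileCreate) landing in a Windows
Startup folder. Added example, not part of the soc-g3 repository.
All sample events below are constructed.
"""
import fnmatch
from dataclasses import dataclass

# Both Startup locations from the issue: per-user (any username) and all-users.
# The trailing "\*" is required: TargetFilename holds the full path of the file.
STARTUP_PATTERNS = [
    r"C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*",
]


@dataclass
class SysmonEvent:
    """Minimal subset of a Sysmon event (assumed shape, constructed for this example)."""
    event_id: int
    image: str            # process that created the file
    target_filename: str  # full path of the created file (empty for non-file events)


def _normalize(path: str) -> str:
    # NTFS paths are case-insensitive; also fold forward slashes to backslashes.
    return path.replace("/", "\\").lower()


def is_startup_file_create(event: SysmonEvent) -> bool:
    """True when a FileCreate (Event ID 11) writes inside either Startup folder."""
    if event.event_id != 11:
        return False
    target = _normalize(event.target_filename)
    # fnmatch escapes the backslashes in the pattern; '*' matches any run of characters.
    return any(fnmatch.fnmatchcase(target, _normalize(p)) for p in STARTUP_PATTERNS)


def scan_events(events):
    """Return (image, target_filename) for every event that should raise the alert."""
    return [(e.image, e.target_filename) for e in events if is_startup_file_create(e)]


# Constructed sample events: three should alert, three should not.
SAMPLE_EVENTS = [
    SysmonEvent(11, r"C:\Windows\explorer.exe",
                r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"),
    SysmonEvent(11, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\helper.vbs"),
    SysmonEvent(11, r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                r"C:\Users\alice\Documents\report.docx"),
    SysmonEvent(1, r"C:\Windows\System32\cmd.exe", ""),  # ProcessCreate, not a file event
    SysmonEvent(11, r"C:\Users\Bob\Downloads\setup.exe",
                r"C:\Users\Bob\APPDATA\Roaming\MICROSOFT\Windows\Start Menu\Programs\Startup\x.exe"),
    SysmonEvent(11, r"C:\Windows\explorer.exe",
                r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"),  # the folder itself
]


if __name__ == "__main__":
    for image, target in scan_events(SAMPLE_EVENTS):
        print(f"ALERT File created in Startup Folder: {target} (by {image})")
```

The last sample event is the directory path itself; it does not match, which is exactly the behaviour the trailing wildcard exists to avoid in the other direction. In production the `image` field is what you tune on (installer and Explorer activity is common here), which is why `scan_events` returns it alongside the path.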
tidalwaave commented 11 months ago

File created in Startup Folder

Potential persistence setup

tidalwaave commented 11 months ago

LOW severity