Thanks for stopping by and reading this blog post. Today we have a new lab setup in Azure with three virtual machines managed through Hyper-V.
In one of the VMs I am practising creating, hiding, renaming and deleting registry keys to learn how malware uses the registry to gain persistence on a system.
I am creating keys that open programs at startup for any user on the system. In this example I am just launching Edge at startup, simple enough I know, but it is all about understanding one of the many ways threat actors take advantage of the registry.
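As an added example (not the post's own code), here is a PowerShell script for the same kind of lab VM. It seeds the Edge-at-startup value in the machine-wide Run key the post describes, lists every Run/RunOnce value across the HKLM and HKCU hives, and diffs that listing against a saved baseline so a newly planted value stands out, which is the check a defender would run. The Edge path, the value name `LabEdgeAutostart`, the baseline file path and the "user-writable location" heuristic are assumptions; run it from an elevated prompt inside the lab VM.

```powershell
# Added lab example, not code from the post. Assumes a default Edge install
# path and an elevated PowerShell session in the lab VM.

$EdgeExe      = 'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'  # assumed path
$LabValueName = 'LabEdgeAutostart'                                               # hypothetical value name
$BaselineCsv  = "$env:TEMP\autostart-baseline.csv"                               # assumed location

# HKLM keys apply to every user who logs on; HKCU keys only to the current user.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Add-LabAutostart {
    # Reproduce the post's experiment: launch Edge at startup for any user (HKLM Run).
    New-ItemProperty -Path $AutostartKeys[0] -Name $LabValueName -Value "`"$EdgeExe`"" `
        -PropertyType String -Force | Out-Null
}

function Remove-LabAutostart {
    # Clean the lab entry back out of the machine-wide Run key.
    Remove-ItemProperty -Path $AutostartKeys[0] -Name $LabValueName -ErrorAction SilentlyContinue
}

function Get-AutostartEntry {
    # One object per value in each Run/RunOnce key, skipping the provider
    # metadata properties (PSPath, PSParentPath, ...) Get-ItemProperty adds.
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            $cmd = [string]$p.Value
            # Heuristic (assumption): commands launched from user-writable
            # locations deserve a closer look; most legitimate entries live
            # under Program Files or the Windows directory.
            $suspicious = $cmd -match '(?i)\\(Users|Temp|AppData|ProgramData)\\'
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Suspicious = $suspicious
            }
        }
    }
}

function Save-AutostartBaseline {
    # Snapshot the current autostart values so later changes can be spotted.
    Get-AutostartEntry | Export-Csv -Path $BaselineCsv -NoTypeInformation
}

function Compare-AutostartBaseline {
    # Report values added or removed since the baseline was saved.
    $baseline = @(Import-Csv -Path $BaselineCsv)
    $current  = @(Get-AutostartEntry)
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Key, Name, Command |
        Select-Object Key, Name, Command,
            @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'added' } else { 'removed' } } }
}

# Lab walkthrough: baseline first, plant the Edge value, diff, then clean up.
Save-AutostartBaseline
Add-LabAutostart
Get-AutostartEntry | Format-Table -AutoSize
Compare-AutostartBaseline | Format-Table -AutoSize   # shows LabEdgeAutostart as 'added'
Remove-LabAutostart
```

The baseline diff is the useful part for the defender: the full listing is noisy on a real machine, but a value that appears in an HKLM Run key between two snapshots, or one whose command lives under a user profile or Temp directory, is exactly what the post's experiment is meant to make visible.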
I am also going to investigate the [mis]use of Task Scheduler today.