Product
high
advisory
Persistence via Hidden Run Key Detected
2 rules, 1 TTP
This rule detects a persistence mechanism that uses the NtSetValueKey native API to create a hidden (null-terminated) registry key, evading detection by system utilities.
Elastic Defend +4
persistence
registry
windows
medium
advisory
Windows Port Forwarding Rule Addition via Registry Modification
2 rules, 3 TTPs
An adversary may abuse port forwarding to bypass network segmentation restrictions by creating a new port forwarding rule through modification of the Windows registry.
Elastic Defend +3
port-forwarding
registry-modification
command-and-control
defense-evasion
windows