https://feed.craftedsignal.io/tags/attack.t1490/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 03 Jan 2024 14:30:00 +0000https://feed.craftedsignal.io/briefs/2024-01-system-restore-disable/Wed, 03 Jan 2024 14:30:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-system-restore-disable/Attackers may attempt to disable system restore via registry modifications through the command line to prevent recovery after malicious activity.<p>Attackers may attempt to disable the Windows System Restore feature to hinder forensic analysis and recovery efforts. This involves modifying specific registry keys related to System Restore configuration and operation, effectively preventing the system from creating or using restore points. The commands are executed via cmd, PowerShell or other scripting engines. Disabling System Restore can allow malware to operate without the risk of easy rollback, potentially increasing the impact of a…</p> highadvisoryattack.impactattack.t1490