Tag

Mandatory-Profile

1 brief RSS

Potential Persistence via Mandatory User Profile Modification

Adversaries may abuse Windows mandatory profiles by dropping a malicious NTUSER.MAN file containing pre-populated persistence-related registry keys to establish persistence, which can evade traditional registry-based monitoring.

Elastic Defend persistence windows mandatory-profile file-modification

2r 2t Jan 3, 2024