From the course: Ethical Hacking: The Complete Malware Analysis Process
How malware achieves persistence
- [Instructor] One of the important capabilities for malware that has a time delay or is designed to monitor for information is to be able to achieve persistence. That means ensuring that after the target computer is rebooted, the malware restarts. To do this, the target operating system or one of its processes has to restart the malware. On Windows, a simple approach is for the malware to write an entry into the registry into what's known as an autostart extension point. The registry has two main top-level keys that are of interest to malware: HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. HKEY_CURRENT_USER is accessible in the user context, but the malware needs to have administrative privileges in order to change HKEY_LOCAL_MACHINE keys. The registry location HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run is where Windows looks for details of what programs to start up after the computer boots. Here we see a number of programs that will run including the system's HOTKEY…
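A defender's view of the Run keys described above, as an added example that is not part of the course material: it parses the text of a `reg export` file, lists the string values under the Run key in each hive, and notes which entries sit in the user-writable hive or point into a user-writable directory. The HKEY_CURRENT_USER Run path, the sample entries and the directory heuristic are assumptions of this example.

```python
import re

# Autostart extension point named in the transcript; the same subkey under
# HKEY_CURRENT_USER is its per-user counterpart.
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Assumption: commands in directories a standard user can write to deserve a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
SECTION = re.compile(r"^\[(HKEY_[A-Z_]+)(\\.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\ExampleVendor\\tray.exe\" -startup"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\alice\\AppData\\Roaming\\upd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Ignored"="not a Run key"
'''

def run_key_entries(reg_text):
    """Yield (hive, name, command) for each string value under a Run key."""
    hive = None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # new section: track it only if it is a Run key
            hive = m.group(1) if m.group(2).lower() == RUN_SUFFIX else None
            continue
        v = VALUE.match(line)  # plain strings only; hex(2): values are not decoded
        if hive and v:
            # .reg files escape backslashes and quotes with a backslash
            yield (hive, *(re.sub(r"\\(.)", r"\1", g) for g in v.groups()))

def triage(reg_text):
    findings = []
    for hive, name, command in run_key_entries(reg_text):
        notes = []
        if hive == "HKEY_CURRENT_USER":
            notes.append("writable without administrative privileges")
        if any(p in command.lower() for p in USER_WRITABLE):
            notes.append("binary in user-writable directory")
        findings.append({"hive": hive, "name": name, "command": command, "notes": notes})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding)
```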
Contents
- Types of malware (3m 36s)
- The evolution of malware (3m 40s)
- How malware is delivered (2m 35s)
- How malware works (3m 15s)
- How malware achieves persistence (5m)
- Digging into rootkits (4m 20s)
- Automating malware with botnets (3m 57s)
- Virus construction kits (5m 54s)
- Contemporary malware construction (2m 47s)
- The MITRE ATT&CK repository (2m)