Potential Persistence Via GlobalFlagsJun 5, 2023 · attack.privilege_escalation attack.persistence attack.defense_evasion attack.t1546.012 car.2013-01-002 ·
Detects registry persistence technique using the GlobalFlags and SilentProcessExit keys
Potential Persistence Via App Paths Default PropertyFeb 1, 2023 · attack.persistence attack.t1546.012 ·
Detects changes to the "Default" property for keys located in the \Software\Microsoft\Windows\CurrentVersion\App Paths\ registry. Which might be used as a method of persistence The entries found under App Paths are used primarily for the following purposes. First, to map an application's executable file name to that file's fully qualified path. Second, to pre-pend information to the PATH environment variable on a per-application, per-process basis.