Name Modification of Registry Run Keys
Summary An adversary adds a new entry to the "run keys" in the registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to run on the target system with the authorized user's level of permissions.
Prerequisites The adversary must have gained access to the target system via physical or logical means in order to carry out this attack.
Solutions Identify programs that may be used to acquire process information and block them by using a software restriction policy or tools that restrict program execution by process whitelisting.
Related Weaknesses
CWE ID Description
CWE-15 External Control of System or Configuration Setting
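A defender can check for the change described in the Summary by comparing the current Run key entries against an approved baseline. The following is an added example, not part of the original entry: the two Run key paths are the standard Windows locations, while the sample `reg query` output, the entry names and the baseline are constructed for illustration.

```python
import re

HKCU_RUN = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in the shape `reg query <key>` prints; names and paths are invented.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Sync Helper    REG_SZ    C:\ProgramData\sync\helper.exe -q
"""

# Assumed baseline of approved entries, e.g. captured from a known-good image.
BASELINE = {
    (HKCU_RUN, "OneDrive"): r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    (HKLM_RUN, "SecurityHealth"): r"%windir%\system32\SecurityHealthSystray.exe",
    (HKLM_RUN, "Sync Helper"): r"C:\ProgramData\sync\helper.exe",
}

# Value lines are indented and use four-space separators: name, type, data.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return (key, value_name, command) tuples from `reg query` style output."""
    entries, key = [], None
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(3).strip()))
        elif line.strip() and not line.startswith(" "):
            key = line.strip()  # unindented line starts a new registry key
    return entries

def audit(entries, baseline):
    """Flag Run entries that are absent from the baseline or whose command differs."""
    # Registry key names, value names and Windows paths compare case-insensitively.
    norm = {(k.lower(), n.lower()): c.lower() for (k, n), c in baseline.items()}
    findings = []
    for key, name, command in entries:
        approved = norm.get((key.lower(), name.lower()))
        if approved is None:
            findings.append((key, name, "not in baseline"))
        elif approved != command.lower():
            findings.append((key, name, "command changed"))
    return findings
```

Running `audit(parse_reg_query(SAMPLE), BASELINE)` reports the unapproved `updater` entry and the altered `Sync Helper` command; on a live host the input would come from the real `reg query` output for each key.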