Beyond good ol’ Run key, Part 108

June 13, 2019 in Anti-Forensics, Autostart (Persistence)

I rarely link to other people’s research, but in this case I make an exception, because the technique is pretty cool and I never heard of it before.

Look for 3.3. API Set Extensions abuse inside this document [PDF Warning]. Thanks to Ange for sending it my way.

Comments are closed.