ImageFileExecutionOptions - if you're an incident responder you should make yourself familiar with this key. Offers multiple opportunities for malware persistence, including Application Verifiers described here: http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
Replying to @MalwareJake
Thanks for sharing! I shared an IOC about the "Debugger Persistence method" almost 6 years ago. This is another one of the "multiple opportunities". http://web.archive.org/web/20121128083353/http://ioc.forensicartifacts.com/2012/05/debugger-persistence-mechanism/ (thanks to http://archive.org for eternal caching) /cc @iocbucket @Digital4rensics
pic.twitter.com/4Ex0GsVmuE
1 reply 0 retweets 1 like
Replying to @c_APT_ure @MalwareJake and
I remember using this same technique ages ago to stop malware processes from running :D Some techniques definitely work both ways.
2:16 PM - 15 Jan 2018
0 replies
0 retweets
1 like
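A defender-side check for the two IFEO persistence variants discussed in the thread (the `Debugger` value and the Application Verifier `GlobalFlag`/`VerifierDlls` pair). This is an added example, not code from the thread participants or from the linked posts; it parses a constructed `reg export` of the IFEO key so it runs offline, and the image names and paths in the sample are made up.

```python
import re
from typing import Dict, List, Tuple

IFEO_PATH = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
FLG_APPLICATION_VERIFIER = 0x100  # GlobalFlag bit that makes the loader honour VerifierDlls

# Constructed sample: an IFEO export with one Debugger hijack, one Application Verifier
# (DoubleAgent-style) entry and one benign entry. Names and paths are invented.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\\ProgramData\\stager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchost.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="hook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"DisableExceptionChainValidation"=dword:00000000
'''

def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse a .reg export into {image_name: {value_name: value}} for IFEO subkeys."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    marker = IFEO_PATH.lower() + "\\"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            idx = path.lower().find(marker)
            current = path[idx + len(marker):] if idx != -1 else None  # subkey = image name
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = re.match(r'"([^"]+)"=(.*)', line)
        if current is None or not m:
            continue
        name, rhs = m.group(1), m.group(2)
        if rhs.startswith("dword:"):
            keys[current][name] = int(rhs[6:], 16)
        elif rhs.startswith('"') and rhs.endswith('"'):
            keys[current][name] = rhs[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            keys[current][name] = rhs  # hex(...) and other types kept raw
    return keys

def find_ifeo_persistence(keys: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (image, mechanism, value) for every subkey that can redirect or inject on launch."""
    findings = []
    for image, values in keys.items():
        if "Debugger" in values:  # image is replaced by the Debugger binary at launch
            findings.append((image, "Debugger", str(values["Debugger"])))
        gflag = values.get("GlobalFlag", 0)
        verifier_on = isinstance(gflag, int) and bool(gflag & FLG_APPLICATION_VERIFIER)
        if verifier_on or "VerifierDlls" in values:  # verifier DLL loaded into the image
            findings.append((image, "VerifierDlls", str(values.get("VerifierDlls", "<not set>"))))
    return findings

if __name__ == "__main__":
    for image, mechanism, value in find_ifeo_persistence(parse_reg_export(SAMPLE_REG)):
        print(f"{image}: {mechanism} -> {value}")
```

On a live host, feed it the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (decode the UTF-16 file first); legitimate entries exist, so treat hits as triage leads rather than verdicts.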