Effective Threat Investigation for SOC Analysts
Persistence is how attackers (and the malware they deploy) keep their access to a compromised system across events that would otherwise interrupt it, such as a reboot, a user logoff, or a credential change. To achieve persistence, attackers use a number of techniques, such as creating an account, adding the malware path to a registry Run key, installing a service, creating a scheduled task, or registering a WMI event subscription (a permanent event consumer).
In this section, we will explain some of these persistence techniques and how to investigate them using Windows event logs. For each technique, we first explain how it works and then analyze the Windows event logs that record such activity.
We will divide this section into four subsections; each subsection explains a specific persistence technique and the analysis of the Windows event logs that help us investigate related activities:
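As an added illustration (example code, not from the book), the following PowerShell script pulls the Windows events that record each persistence technique listed above from the local machine. The event IDs are the standard ones (4720 account creation; 7045 and 4697 service installation; 4698 scheduled task creation; 5861 new WMI permanent consumer binding; Sysmon 13 registry value set). The seven-day lookback window, the assumption that Sysmon is installed, and the assumption that the relevant audit subcategories are enabled are all choices made for this example.

```powershell
# Added example: triage the local Windows event logs for the persistence techniques
# discussed in this section. Not part of the book; adjust the lookback and log list as needed.
$Since = (Get-Date).AddDays(-7)   # assumption: look back seven days

# Map each persistence technique to the channel and event ID that records it.
$Checks = @(
  @{ Technique = 'Account creation';             Log = 'Security'; Id = 4720 },
  @{ Technique = 'Service installation (SCM)';   Log = 'System';   Id = 7045 },
  @{ Technique = 'Service installation (audit)'; Log = 'Security'; Id = 4697 },  # needs Audit Security System Extension
  @{ Technique = 'Scheduled task creation';      Log = 'Security'; Id = 4698 },  # needs Audit Other Object Access Events
  @{ Technique = 'WMI permanent consumer';       Log = 'Microsoft-Windows-WMI-Activity/Operational'; Id = 5861 },
  @{ Technique = 'Registry Run key (Sysmon)';    Log = 'Microsoft-Windows-Sysmon/Operational';       Id = 13 }  # assumes Sysmon
)

$Findings = foreach ($c in $Checks) {
  # Get-WinEvent errors when the channel is missing or nothing matches; treat both as "no hits".
  $events = Get-WinEvent -FilterHashtable @{ LogName = $c.Log; Id = $c.Id; StartTime = $Since } `
                         -ErrorAction SilentlyContinue
  foreach ($e in $events) {
    # Sysmon 13 fires for every registry value write; keep only Run/RunOnce key writes.
    if ($c.Id -eq 13 -and $e.Message -notmatch '\\CurrentVersion\\Run') { continue }
    [pscustomobject]@{
      Time      = $e.TimeCreated
      Technique = $c.Technique
      EventId   = $e.Id
      Log       = $c.Log
      Summary   = ($e.Message -split "`r?`n")[0]   # first line of the message is enough for triage
    }
  }
}

# Newest first; pipe to Export-Csv or Out-GridView for a wider review.
$Findings | Sort-Object Time -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt, since the Security log is not readable by standard users. A hit is not proof of compromise: legitimate software installs services and scheduled tasks too, so each row still needs the per-technique analysis that the following subsections describe.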