Registry Keys for Persistence

Secondary Categories: 02 - Persistence Links: Startup Folder for Persistence

UserInitMprLogonScript

This key doesn’t exist by default. Add the key and just provide the path of the binary you want to call, or command to run, and on reboot it will execute.

This key is rarely swept for by defenders, but would potentially be caught of endpoint protection software is monitoring the creation of all keys.

HKCU\Environment\UserInitMprLogonScript

Netsh

RunOnce / Run

Title	URL
Windows Persistence using Netsh	https://www.hackingarticles.in/windows-persistence-using-netsh/
Hunting for Persistence: Registry Run Keys / Startup Folder	https://intel471.com/blog/hunting-for-persistence-registry-run-keys-startup-folder

The Void 🌌

Explorer

Registry Keys for Persistence

UserInitMprLogonScript

Netsh

RunOnce / Run

Graph View

Backlinks

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer

Explorer

Table of Contents

Recent Blog Posts

No More Network Bottlenecks

Unmasking Secrets - Deciphering Encrypted Passwords through Reverse Engineering

Conquering Goliath as a CCDC Blue Teamer