Class: RegistryPersistence

Inherits:

Detectors::Detector

• Object
• Detectors::Detector
• RegistryPersistence

Defined in:

lib/persistence_detector/detector_implementations/registry.rb

Overview

Cron detects cron job persistence

Instance Attribute Summary

Attributes inherited from Detectors::Detector

#description, #name, #platforms, #references, #ttp_id

Instance Method Summary

• #detect_persistence ⇒ Object
• #initialize ⇒ RegistryPersistence constructor

  A new instance of RegistryPersistence.

Methods inherited from Detectors::Detector

#display_metadata

Constructor Details

#initialize ⇒ RegistryPersistence

Returns a new instance of RegistryPersistence.

# File 'lib/persistence_detector/detector_implementations/registry.rb', line 13

def initialize
  super
  @ttp_id = 'T1547.001'
  @platforms = %w[cygwin mingw mingw32 mswin32 mswin64]
  @name = 'Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder'
  @description = 'Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.'
  @references = ['https://attack.mitre.org/techniques/T1547/001/']
end

Instance Method Details

#detect_persistence ⇒ Object

# File 'lib/persistence_detector/detector_implementations/registry.rb', line 22

def detect_persistence
  $logger.info('scanning for registry persistence')
end