Microsoft Windows AutoRuns Registry Hijack Possible Locations

info Nessus Plugin ID 70618

Synopsis

Report common registry keys used to hijack execution.

Description

Report common registry keys that can be used to hijack system process execution.

These registry keys can be used either to replace the program that gets executed or to shim a process in the middle of execution and hijack control. Confirm that every entry listed here holds the appropriate setting and that no other process appears to be taking control of the listed process's execution.
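A read-only way to perform the same review by hand on a single host, as an added example that is not the plugin's code. The three locations it checks (Image File Execution Options `Debugger`, Command Processor `AutoRun`, and the `exefile` open command) are this example's assumption of commonly reviewed hijack points, not the plugin's own key list; `Add-Finding` is a hypothetical helper.

```powershell
# Added example: read-only audit of a few well-known image-hijack locations.
# The key list below is this example's assumption, not the plugin's own list.
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Location, $Name, $Value) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Value = $Value })
}

# 1. Image File Execution Options: a Debugger value makes Windows start that
#    program in place of the named image. Check the native and 32-bit views.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -LiteralPath $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Add-Finding $root $key.PSChildName $dbg }
    }
}

# 2. Command Processor AutoRun: a command run every time cmd.exe starts.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $path = "$hive\SOFTWARE\Microsoft\Command Processor"
    $auto = (Get-ItemProperty -LiteralPath $path -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
    if ($auto) { Add-Finding $path 'AutoRun' $auto }
}

# 3. exefile open command: the stock value is "%1" %* ; any other value
#    places a wrapper in front of every .exe launched through the shell.
$exePath = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
$exeCmd  = (Get-ItemProperty -LiteralPath $exePath -ErrorAction SilentlyContinue).'(default)'
if ($exeCmd -and $exeCmd -ne '"%1" %*') { Add-Finding $exePath '(default)' $exeCmd }

# Every row is something to review against the host's known-good baseline.
$findings | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Some entries are legitimate (for example, a task manager replacement registered as a `Debugger`), so compare the output with a baseline from a clean build rather than treating each row as malicious.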

See Also

http://www.nessus.org/u?a6255dc7

http://www.nessus.org/u?76d272fa

Plugin Details

Severity: Info

ID: 70618

File Name: windows_autoruns_image_HiJacks.nbin

Version: 1.264

Type: local

Agent: windows

Family: Windows

Published: 10/25/2013

Updated: 3/26/2024

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, war/setup/ran