Microsoft Windows AutoRuns Registry Hijack Possible Locations

Info Nessus Plugin ID 70618


Report common registry keys used to hijack execution.


Report common registry keys that can be used to hijack system process execution.

These registry keys can be used either to replace the program that is executed or to shim a process in the middle of execution and hijack control. Confirm that every entry listed here is set appropriately and that no other process appears to be taking control of the listed process's execution.



Plugin Details

Severity: Info

ID: 70618

File Name: windows_autoruns_image_HiJacks.nbin

Version: $Revision: 1.107 $

Type: local

Agent: windows

Family: Windows

Published: 2013/10/25

Modified: 2018/03/13

Dependencies: 10401, 13855, 70627

Risk Information

Risk Factor: Info

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, war/setup/ran