dissect.target icon indicating copy to clipboard operation
dissect.target copied to clipboard
verified publisher icon fox-it

Create Autoruns plugin

Open DissectBot opened this issue 1 year ago • 0 comments

There are too many registry paths at which you can run something in Windows. Some are already in generic.py, but maybe it's a good idea to just create a autoruns.py which houses most of those. Maybe a utility function to easily add a new function, because it could still be nice to have a separate callable function for some of those. If it's a namespace, you could also call the namespace and return everything.

hxxps://gist.github.com/GlebSukhodolskiy/0fc5fa5f482903064b448890db1eaf9d

DIS-176 as other reference.

Some suggestions:

  • Office addins
  • iexplore
  • Shell extensions
  • Scripts
  • Winlogon
  • Credential providers
  • LSA
  • Alternate shell

DissectBot avatar Mar 18 '24 14:03 DissectBot