Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,593
Was the service stopped prior the reboot by the fileless attack (a pending service stop operation) or stopped by the fileless attack after the reboot? How would the fileless attack survive the reboot?
If you watch the video carefully, I show that the service is not stopped before the Windows restart.
There are many fileless persistence methods. The most known is hiding the malicious code in the Registry (not used in the video).