Failing to Revive AUTOEXEC.BAT on Windows 7 & 10
ATT&CK techniques detected
T1547.001Registry Run Keys / Startup Folder
97%
“value i usually wouldn ’ t document quick, failed research like this but @ hexacorn ( adam ) and i tend to operate on the same wavelength. his recent blog highlighting his failure to bypass autoruns with the autorunsdisabled functionality was my motivation for this. like adam, i …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1547.001Registry Run Keys / Startup Folder
79%
“to start logging at boot - up with the “ enable boot logging ” option. the vms were rebooted and procmon recorded the data like a charm. with the data loaded, i configured a handful of filters to look for processes : - accessing paths containing the string “ autoexec ” - registry…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1547Boot or Logon Autostart Execution
34%
“to start logging at boot - up with the “ enable boot logging ” option. the vms were rebooted and procmon recorded the data like a charm. with the data loaded, i configured a handful of filters to look for processes : - accessing paths containing the string “ autoexec ” - registry…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Does AUTOEXEC.BAT still run on modern Windows? We test Windows 7/10, explore registry persistence, and revisit how attackers maintain access today.