1 link tagged with all of: windows + ad + persistence + registry + security
Links
This article explains a technique for establishing registry persistence using an NTUSER.MAN file, which allows for registry writes without triggering typical monitoring callbacks. By placing a crafted NTUSER.MAN in a user's profile directory, attackers can load persistence keys directly into HKCU during logon, avoiding detection by conventional EDR solutions.
registry ✓
persistence ✓
security ✓
windows ✓
ad ✓