Which persistence mechanism will evade detection by Sysinternals AutoRuns?
The persistence mechanism that is most likely to evade detection by Sysinternals AutoRuns is WMI event subscription. AutoRuns is designed to detect various autostarting locations including scheduled tasks, user accounts, and new services, which makes these methods more easily detectable. WMI (Windows Management Instrumentation) event subscriptions can be used to achieve persistence in a more stealthy manner as they are less likely to be flagged by AutoRuns.
D. WMI

Options A (Configuring scheduled tasks), B (Adding user accounts), and C (New service creation) are more likely to be detected by Sysinternals AutoRuns as it is designed to highlight entries associated with scheduled tasks, user accounts, and services.