Detecting Ransomware’s Stealthy Boot Configuration Edits

Written By: Binary Defense Threat Researcher @shade_vx

This blog post focuses on threat hunting methods and detections for a commonly observed technique used by Ransomware-as-a-Service (RaaS) operators. Such threat actors have often been observed altering boot loader configurations using the built-in Windows tool bcdedit.exe (Boot Configuration Data Edit) in order to: Modify Boot Status Policies […]
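The hunt the post is building toward can be sketched as a pass over process-creation telemetry (Sysmon Event ID 1 or Security 4688 style records) looking for bcdedit.exe changing boot settings. The block below is an added example, not code from the Binary Defense post: the record layout, field names and sample events are constructed for illustration. It flags the boot status policy change named in the excerpt (`bcdedit /set {default} bootstatuspolicy ignoreallfailures`) and, going beyond the visible text, the `recoveryenabled No` change that ransomware commonly issues alongside it; both are documented bcdedit settings.

```python
"""Hunt for bcdedit.exe invocations that weaken Windows boot recovery.

Added example (not from the original post). Input is a handful of
constructed process-creation records shaped like Sysmon Event ID 1 /
Security 4688 fields; the field names below are this example's own.
"""
import re
from dataclasses import dataclass

# bcdedit settings, and the values for them, that ransomware pushes before
# encryption so the host boots past failures without a recovery prompt.
# bootstatuspolicy is the item visible in the post excerpt; recoveryenabled
# is the usual companion change (assumed here, not quoted from the post).
# bcdedit accepts yes/no, on/off, true/false and 1/0 for boolean settings.
SUSPICIOUS_SETTINGS = {
    "bootstatuspolicy": {"ignoreallfailures"},
    "recoveryenabled": {"no", "off", "false", "0"},
}

# Matches a bare "bcdedit", "bcdedit.exe", or a full path ending in either.
_BCDEDIT = re.compile(r"(?:^|[\\/])bcdedit(?:\.exe)?$", re.IGNORECASE)
# Whitespace-split that keeps a double-quoted path as one token.
_TOKEN = re.compile(r'"[^"]*"|\S+')


@dataclass(frozen=True)
class Finding:
    record_id: int
    parent_image: str
    identifier: str   # BCD object the change targets, e.g. {default}
    setting: str
    value: str


def tokenize(command_line: str) -> list[str]:
    """Split a Windows command line on whitespace, unquoting quoted paths."""
    return [t.strip('"') for t in _TOKEN.findall(command_line)]


def parse_bcdedit_sets(command_line: str) -> list[tuple[str, str, str]]:
    """Return (identifier, setting, value) for each `bcdedit /set` on the line.

    Handles a full path to bcdedit.exe, omission of the object identifier
    (bcdedit then targets {current}), and several bcdedit commands chained
    with `&` behind cmd.exe. Identifier, setting and value are lower-cased.
    """
    toks = tokenize(command_line)
    if not any(_BCDEDIT.search(t) for t in toks):
        return []
    sets = []
    for i, tok in enumerate(toks):
        if tok.lower() != "/set":
            continue
        # The /set must belong to a bcdedit earlier on the line, not to
        # some other program that happens to take the same switch.
        if not any(_BCDEDIT.search(t) for t in toks[:i]):
            continue
        rest = toks[i + 1:]
        ident = "{current}"  # bcdedit's default when no identifier is given
        if rest and rest[0].startswith("{") and rest[0].endswith("}"):
            ident, rest = rest[0], rest[1:]
        if len(rest) >= 2:
            sets.append((ident.lower(), rest[0].lower(), rest[1].lower()))
    return sets


def is_recovery_tamper(setting: str, value: str) -> bool:
    """True if this setting/value pair is one ransomware uses to disable recovery."""
    return value.lower() in SUSPICIOUS_SETTINGS.get(setting.lower(), set())


def hunt(events) -> list[Finding]:
    """Run the detection over process-creation records; one Finding per bad /set."""
    findings = []
    for ev in events:
        for ident, setting, value in parse_bcdedit_sets(ev["command_line"]):
            if is_recovery_tamper(setting, value):
                findings.append(Finding(ev["record_id"], ev["parent_image"],
                                        ident, setting, value))
    return findings


# Constructed sample telemetry: two tampering events from a dropper in %TEMP%
# (the second chains both changes behind cmd.exe), one benign enumeration,
# and one administrator re-enabling recovery, which must not be flagged.
SAMPLE_EVENTS = [
    {"record_id": 101, "parent_image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "command_line": r'"C:\Windows\System32\bcdedit.exe" /set {default} bootstatuspolicy IgnoreAllFailures'},
    {"record_id": 102, "parent_image": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
     "command_line": r"cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled No"},
    {"record_id": 103, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"bcdedit /enum all"},
    {"record_id": 104, "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"bcdedit /set recoveryenabled Yes"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.record_id}] {f.setting}={f.value} on {f.identifier} via {f.parent_image}")
```

Matching on the parsed setting/value pair rather than on a raw substring keeps the rule quiet for `bcdedit /enum` and for an administrator turning recovery back on, while still catching a quoted full path, a missing `{default}` identifier, and multiple changes chained on one cmd.exe line. In a real deployment the parent image and its path are the fields worth pivoting on: bcdedit needs an elevated shell, so a parent running out of a user-writable directory is the stronger signal.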