In this video I infect a VM with NanoCore malware and demonstrate some common techniques used by malware to survive the reboot of a machine in order to maintain a foothold on a compromised device. I also show you how to detect this activity using open-source tools such as Autoruns, Regshot, Procmon and ProcDOT.
Sample: bf48a5558c8d2b44a37e66390494d08e