Video walkthrough for retired HackTheBox (HTB) Forensics challenge "Persistence" [easy]: "We're noticing some strange connections from a critical PC that can't be replaced. We've run an AV scan to delete the malicious files and rebooted the box, but the connections get re-established. We've taken a backup of some critical system files, can you help us figure out what's going on?" - Hope you enjoy 🙂
↢Chapters↣
Start - 0:00
Basic file checks - 0:36
Investigate registry forensics - 2:14
Solve with RegShell - 4:50
Bonus (solve with RegRipper) - 8:51
Bonus (analysing NTUSER.dat in Windows Commando VM) - 12:37
![](https://i.ytimg.com/vi/VmKvYRyTixw/maxresdefault.jpg)