In this video we'll be exploring how to attack, detect and defend against the abuse of Windows Screensavers an example of EventDriven Execution. Screensavers aren’t too common anymore thanks to powersaving monitors – but the feature still exists in Windows, and can be used by attackers as a simple means of establishing persistence on a compromised machine.

If you find the video useful please do give it a like, and consider subscribing if you want more of this sort of content. Drop a note in the comments if there’s anything you think I missed, or if you have a good idea of what topic I should cover next.

Further reading/watching:
Mitre ATT&CK on Screensavers: https://attack.mitre.org/techniques/T...
Attack/Detect/Defend video on Default File Associations:    • Abusing Default File Associations (Pe...  
* And direct link to registry monitoring section:    • Abusing Default File Associations (Pe...  
Attack/Detect/Defend video on Path Interception:    • Path Interception (Persistence & Priv...  
* And direct link to application control section:    • Path Interception (Persistence & Priv...  

Audio Credits (licensed under CC0):
Intro/Outro Music by Flavio Concini (https://freesound.org/people/Greek555/)
Transition audio: "Ethereal Woosh" by Newagesoup (https://freesound.org/people/newagesoup/)

Timestamps:
0:00 Intro
1:09 Attack
3:42 Detect
4.58 Defend