What is a Foothold?
Huntress looks for footholds, but what is a foothold?
An attacker may only fool an end-user into clicking a malicious link once--only one chance to run their malware. But, often, what an attacker wants is for the malware to keep running long term, even after a reboot. To achieve this, an attacker will install persistence, or what we refer to as a foothold. This foothold starts the malware the next time the computer boots. These malicious footholds use the same techniques that legitimate software, such as your Skype client and Windows Update, uses to automatically start.