Windows Red Team Persistence Techniques | Red Team Series 5-12
This guide is part of the HackerSploit Red Team series of guides. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.
Gaining an initial foothold is not enough; you need to set up and maintain persistent access to your targets.
Chapters:
0:00 Introduction
0:21 What We’ll Be Covering
0:57 What is Persistence?
3:02 MITRE ATT&CK Techniques – Persistence
3:55 Empire Persistence Modules
5:12 Let’s Get Started
5:21 Recap of Some Starkiller Features
7:37 Renaming Agents
8:55 Unprivileged vs Privileged Agents
10:23 Creating an Additional Privileged Agent
17:15 Beginning our Persistence Techniques
18:23 Using the Registry-Key Persistence Module
26:08 Using the Scheduled Tasks Persistence Module
30:53 Using the WMI Persistence Module
33:43 Using Local User Accounts as a Means of Persistence
37:00 Using the PowerBreach Module to create a Backdoor
39:56 Checking if our Agents are Pinging Back
42:37 Conclusion
Read the doc for more information on Persistence Techniques.