📓
Red Team Notes
📓
Red Team Notes
📓
Red Team Notes
📓
Red Team Notes
Introduction
Red Team Notes 2.0
Red Team
Initial Access
Execution
Persistence
Scheduled Tasks
Create Account
DLL Search Order Hijacking
Hooking
Logon Scripts
Modify Existing Service
New Service
Path Interception
Registry Keys / StartUp Folder
ShortCut Modification
Privesc
Defense Evasion
Credential Access
Discovery
Lateral Movement
Collection
Command and Control
Exfiltration
Impact
Active Directory
Introduction
Enumeration
Attacks
Detection
Detection
Initial Access
Execution
Resources & References
References & Resources
Powered by GitBook

Persistence

The adversary is trying to maintain their foothold

The adversary is trying to maintain their foothold

Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their fotthold on systems, such as replacing or hijacking legitimate code or adding startup code.

Many tool's are great for these Post-Exploitation techniques such as Empire, Cobalt Strike, Covenant, Kodiac, Merlin, Metasploit and many other's we can also just use a simple ncat shell that act's as a listener, we can also use RDP sessions where in our post-exploitation we create and add a user to this, to access the target machine.

Previous
Windows Management Instrumentation (WMI)
Next
Scheduled Tasks
Last updated 1 year ago