Persistence

The adversary is trying to maintain their foothold

The adversary is trying to maintain their foothold

Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their fotthold on systems, such as replacing or hijacking legitimate code or adding startup code.

Many tool's are great for these Post-Exploitation techniques such as Empire, Cobalt Strike, Covenant, Kodiac, Merlin, Metasploit and many other's we can also just use a simple ncat shell that act's as a listener, we can also use RDP sessions where in our post-exploitation we create and add a user to this, to access the target machine.