Introduction to Post-Exploitation Persistence

Cyber Security Mastery: From Zero to Hero

Ensuring Future Access

Persistence is the ability of an attacker to maintain access to a target system even after a reboot, disconnection, or patching attempt, often without the user knowing.

Persistence Techniques (Linux)

  1. Scheduled Tasks (cron): Adding a malicious entry to the cron table to run a reverse shell script hourly.
  2. Startup Services: Modifying system services (systemctl) or startup scripts to launch a backdoor upon boot.
  3. SSH Keys: Deploying a malicious public key to the victim's authorized keys list, allowing passwordless login via SSH.
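
From the defender's side, each of the three Linux mechanisms above leaves an artefact that can be audited: the cron table and the `authorized_keys` file are plain text, so a periodic check can flag entries that do not belong. The following script is an added example, not part of the course material. It runs against constructed sample data embedded in the script (the crontab lines and the SSH key blobs are made up; the blobs are valid base64 but not real keys) and applies two checks: heuristics over each cron command (execution from world-writable directories, hidden path components, base64-decoded payloads, output piped into a shell) and a comparison of every `authorized_keys` fingerprint against a baseline of known keys, computed the same way `ssh-keygen -lf` does. The `from=` option handling assumes options contain no embedded spaces.

```python
"""Audit constructed crontab and authorized_keys content for common persistence indicators."""
import base64
import hashlib
import re
from typing import List, Optional, Set, Tuple

# Constructed sample of `crontab -l` output (not taken from a real host).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
@hourly /tmp/.cache/sync.sh
*/5 * * * * echo aGVsbG8= | base64 -d | sh
"""

# Constructed key blobs: valid base64 of a plausible length, NOT real public keys.
KNOWN_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBLOBEXAMPLEKEYBLOBEXAMPLEKEY0"
UNKNOWN_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIUNKNOWNKEYBLOBUNKNOWNKEYBLOBUNKNOWNKEY0"

# Constructed authorized_keys: one baseline key, one key nobody approved.
SAMPLE_AUTHORIZED_KEYS = f"""\
ssh-ed25519 {KNOWN_BLOB} alice@laptop
from="192.0.2.0/24" ssh-ed25519 {UNKNOWN_BLOB} backup
"""

# Heuristics applied to the command part of each cron entry.
CRON_INDICATORS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"(?:^|\s|=)(?:/tmp|/dev/shm|/var/tmp)/"), "runs from a world-writable directory"),
    (re.compile(r"/\.[^/\s]+"), "hidden path component"),
    (re.compile(r"\bbase64\s+(?:-d|--decode)\b"), "base64-decoded payload"),
    (re.compile(r"\|\s*(?:ba|z|da)?sh\b"), "output piped into a shell"),
]


def cron_command(line: str) -> Optional[str]:
    """Return the command part of a crontab line, or None for blanks, comments and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):  # @hourly, @reboot, ... followed by the command
        parts = line.split(None, 1)
        return parts[1] if len(parts) == 2 else None
    parts = line.split(None, 5)  # five time fields, then the command
    return parts[5] if len(parts) == 6 else None


def audit_crontab(text: str) -> List[Tuple[str, List[str]]]:
    """Return (command, reasons) for every cron entry matching at least one indicator."""
    flagged = []
    for line in text.splitlines():
        cmd = cron_command(line)
        if cmd is None:
            continue
        reasons = [why for rx, why in CRON_INDICATORS if rx.search(cmd)]
        if reasons:
            flagged.append((cmd, reasons))
    return flagged


def key_fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint of a public key blob, in the `ssh-keygen -lf` format (no base64 padding)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Baseline of approved key fingerprints (here built from the constructed KNOWN_BLOB).
BASELINE_FINGERPRINTS: Set[str] = {key_fingerprint(KNOWN_BLOB)}


def audit_authorized_keys(text: str, baseline: Set[str]) -> List[dict]:
    """Return every authorized_keys entry whose fingerprint is not in the baseline."""
    unknown = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Entries may start with options such as from="..." (assumed to contain no spaces);
        # the key type is the first field that looks like one.
        idx = next((i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        fp = key_fingerprint(fields[idx + 1])
        if fp not in baseline:
            unknown.append({"fingerprint": fp, "type": fields[idx],
                            "comment": " ".join(fields[idx + 2:]), "options": fields[:idx]})
    return unknown


if __name__ == "__main__":
    for cmd, reasons in audit_crontab(SAMPLE_CRONTAB):
        print(f"cron: {cmd!r}: {', '.join(reasons)}")
    for entry in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, BASELINE_FINGERPRINTS):
        print(f"unknown key {entry['fingerprint']} ({entry['comment']}) options={entry['options']}")
```

The baseline approach matters more than the heuristics: a key that was never approved is unambiguous, whereas cron heuristics only raise suspicion. On a real host the same functions would be fed the output of `crontab -l` for each user, the files under `/etc/cron.d`, and every user's `~/.ssh/authorized_keys`, with the baseline taken from configuration management rather than hard-coded.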

Persistence Techniques (Windows)

  1. Registry Run Keys: Adding a path to a malicious executable in registry locations (HKCU\Software\Microsoft\Windows\CurrentVersion\Run).
  2. WMI (Windows Management Instrumentation): Using WMI event subscriptions to execute code based on triggers (fileless persistence).
  3. Scheduled Tasks (Task Scheduler): Setting up a task to execute on user login or system boot.
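
The Windows mechanisms above are just as auditable: Run keys can be exported with `reg export`, and scheduled tasks listed with `schtasks /query /fo CSV /v`. The script below is an added example, not part of the course material. It parses a constructed `.reg` export of the `HKCU` Run key and a constructed, column-reduced CSV in the shape of `schtasks` verbose output (the column subset is an assumption; real output has many more columns), then applies one set of heuristics to every autostart command: executables in user-writable locations such as `AppData\Roaming` or `Users\Public`, launch through script hosts or built-in proxy binaries, and hidden-window, policy-bypass or encoded-command switches. WMI event subscriptions are not covered here because their data is not a text export.

```python
"""Audit constructed Windows autostart data (Run key .reg export, schtasks CSV) for persistence indicators."""
import csv
import io
import re
from typing import List, Tuple

# Constructed .reg export in the shape of `reg export` output (values are not from a real host).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="powershell.exe -w hidden -ep bypass -f C:\\Users\\alice\\AppData\\Roaming\\u.ps1"
"""

# Constructed, column-reduced CSV in the shape of `schtasks /query /fo CSV /v` (assumption).
SAMPLE_TASKS_CSV = r""""TaskName","Author","Task To Run","Schedule Type"
"\Microsoft\Windows\Defrag\ScheduledDefrag","Microsoft Corporation","%windir%\system32\defrag.exe -c -h -o -$","Weekly"
"\OneTimeSync","WORKSTATION\alice","wscript.exe C:\Users\Public\sync.vbs","At logon"
"""

# Heuristics shared by both autostart sources.
AUTOSTART_INDICATORS: List[Tuple[re.Pattern, str]] = [
    (re.compile(r"\\AppData\\(?:Roaming|Local\\Temp)\\|%(?:APPDATA|TEMP|TMP)%|\\Users\\Public\\", re.I),
     "executable in a user-writable location"),
    (re.compile(r"\b(?:powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(?:\.exe)?\b", re.I),
     "launched through a script host or built-in proxy binary"),
    (re.compile(r"-(?:w(?:indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass"
                r"|e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,})", re.I),
     "hidden-window, policy-bypass or encoded-command switches"),
]

# A .reg string value: "name"="value", with \" and \\ escapes inside both parts.
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def reg_unescape(s: str) -> str:
    """Undo .reg string escaping (\\" -> " and \\\\ -> \\) in a single pass."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> List[Tuple[str, str, str]]:
    """Return (key_path, value_name, string_value) for every string value in a .reg export."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            entries.append((key, reg_unescape(m.group(1)), reg_unescape(m.group(2))))
    return entries


def classify(command: str) -> List[str]:
    """Reasons an autostart command looks suspicious (empty list if none)."""
    return [why for rx, why in AUTOSTART_INDICATORS if rx.search(command)]


def audit_run_keys(reg_text: str) -> List[Tuple[str, str, str, List[str]]]:
    """Flag values under any ...\\Run or ...\\RunOnce key that match an indicator."""
    flagged = []
    for key, name, command in parse_reg_export(reg_text):
        if not re.search(r"\\Run(?:Once)?$", key, re.I):
            continue
        reasons = classify(command)
        if reasons:
            flagged.append((key, name, command, reasons))
    return flagged


def audit_scheduled_tasks(csv_text: str) -> List[Tuple[str, str, List[str]]]:
    """Flag scheduled tasks whose 'Task To Run' command matches an indicator."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = classify(row["Task To Run"])
        if reasons:
            flagged.append((row["TaskName"], row["Task To Run"], reasons))
    return flagged


if __name__ == "__main__":
    for key, name, command, reasons in audit_run_keys(SAMPLE_REG):
        print(f"{key}\\{name}: {command}\n    {', '.join(reasons)}")
    for task, command, reasons in audit_scheduled_tasks(SAMPLE_TASKS_CSV):
        print(f"task {task}: {command}\n    {', '.join(reasons)}")
```

The heuristics are deliberately the same for both sources: the persistence trigger differs (Run key versus task schedule), but the thing that actually executes is a command line either way, so a single classifier keeps the two audits consistent. In practice the `HKLM` Run and RunOnce keys and the per-user `HKU` hives would be exported as well, and known-good entries would be compared against a baseline the same way the Linux example compares SSH key fingerprints.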