Persistence Techniques
Joas Antonio
Details
https://www.eldoled.com/cms_file.php?fromDB=5567
https://book.hacktricks.xyz/windows/windows-local-privilege-escalation
https://www.hackingarticles.in/window-privilege-escalation-automated-script/
https://rahmatnurfauzi.medium.com/windows-privilege-escalation-scripts-techniques-30fa37bd194
https://hakin9.org/privesccheck-privilege-escalation-enumeration-script-for-windows/
Screensaver
https://kevinalmansa.github.io/application%20security/DLL-Proxying/
https://www.windowstricks.in/2018/08/how-to-run-the-powershell-script-in-scheduled-task-with-run-as-administrator.html
https://stackoverflow.com/questions/62245797/how-to-setup-a-powershell-script-in-windows-task-scheduler-with-admin-permission
https://superuser.com/questions/1640613/how-to-run-a-powershell-script-with-elevated-access-using-task-scheduler
https://blog.netwrix.com/2018/07/03/how-to-automate-powershell-scripts-with-task-scheduler/
https://www.reddit.com/r/PowerShell/comments/6qvp30/task_schedule_powershell_script_with_admin_rights/
https://o365reports.com/2019/08/02/schedule-powershell-script-task-scheduler/
https://pentestlab.blog/2019/11/04/persistence-scheduled-tasks/
https://www.elastic.co/guide/en/security/current/persistence-via-telemetrycontroller-scheduled-task-hijack.html
https://attack.mitre.org/techniques/T1053/005/
Multiaction Task
https://pentestlab.blog/2020/01/21/persistence-wmi-event-subscription/
https://www.elastic.co/guide/en/security/current/persistence-via-wmi-event-subscription.html
https://medium.com/threatpunter/detecting-removing-wmi-persistence-60ccbb7dff96
https://www.mdsec.co.uk/2019/05/persistence-the-continued-or-prolonged-existence-of-something-part-3-wmi-event-subscription/
https://liberty-shell.com/sec/2019/06/16/wmi-persistence/
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/asr-in-intune-for-quot-block-persistence-through-wmi-event/m-p/2068130
https://www.rapid7.com/db/modules/exploit/windows/local/wmi_persistence/
Appcert DLLS
https://www.elastic.co/guide/en/security/current/registry-persistence-via-appinit-dll.html
https://www.cyberhuntingguide.net/t1546010.html
Netsh Helper DLL
https://attack.mitre.org/techniques/T1546/007/
https://www.ired.team/offensive-security/persistence/t1128-netsh-helper-dll
https://www.hackingarticles.in/windows-persistence-using-netsh/
https://www.reddit.com/r/netsec/comments/donwj5/persistence_netsh_helper_dll/
https://liberty-shell.com/sec/2018/07/28/netshlep/
https://www.ired.team/offensive-security/persistence/t1209-hijacking-time-providers
https://medium.com/@gabriel.pirjolescu/demystifying-windows-malware-hunting-part-1-detecting-persistence-with-osquery-b53573c2aac0
Port Monitors
https://securityonline.info/automated-persistent-backdoor-metasploit/
https://secnhack.in/technique-to-persistence-on-windows-10-with-metasploit/
https://pentestlab.blog/2020/02/04/persistence-waitfor/
https://ways2hack.com/metasploit-framework/