Malware RED TEAM Operator: Windows Persistence Course By SekTor7

Anathol

27 persistence methods in Windows. From basic to advanced, unique and known, used in malware like Stuxnet or Flame and by nation-state threat actors, including EquationGroup, Turla and APT29.

Contents

Intro and Setup

Introduction to Windows Persistence
Intro Addendum
Course VM Setup
RTO-PERS.ova
RTO-pers.zip

Low Privilege Persistence

Start Folder and Registry Keys
Logon Scripts
Shortcut Mods
Screensavers
Powershell Profile
DLL Proxying - Introduction
DLL Proxying - Demo
Component Object Model - Introduction
COMs Registry
COM Hijacks and Proxies

Admin Level Persistence

Elevated Scheduled Tasks
Multiaction Tasks
New & Modified Services
IFEO - Debugger / SilentProcessExit / Verifier
Application Shims
Windows Management Instrumentation - Introduction
WMI Event Subscription
AppCert DLLs
AppInit DLLs
Netsh Helper DLLs
Winlogon - SHELL / USERINIT
Time Providers
Port Monitors
Local Security Authority - Introduction
LSA-as-a-Persistence - SSPs & AuthPkgs
LSA-as-a-Persistence - Password Filters

Assignments

Assignment #1
Assignment #2
Assignment #3
Assignment #4

Wrap up

Summary and Next Steps

Thanks
 

omegalmao13

thank you!
 

hoymate

thank you!
 