
Malware RED TEAM Operator: Windows Persistence Course By SekTor7

andragsec


27 persistence methods in Windows. From basic to advanced, unique and known, used in malware like Stuxnet or Flame and by nation-state threat actors, including EquationGroup, Turla and APT29.

Contents

Intro and Setup

Introduction to Windows Persistence
Intro Addendum
Course VM Setup
RTO-PERS.ova
RTO-pers.zip

Low Privilege Persistence

Start Folder and Registry Keys
Logon Scripts
Shortcut Mods
Screensavers
PowerShell Profile
DLL Proxying - Introduction
DLL Proxying - Demo
Component Object Model - Introduction
COMs Registry
COM Hijacks and Proxies

Admin Level Persistence

Elevated Scheduled Tasks
Multiaction Tasks
New & Modified Services
IFEO - Debugger / SilentProcessExit / Verifier
Application Shims
Windows Management Instrumentation - Introduction
WMI Event Subscription
AppCert DLLs
AppInit DLLs
Netsh Helper DLLs
Winlogon - SHELL / USERINIT
Time Providers
Port Monitors
Local Security Authority - Introduction
LSA-as-a-Persistence - SSPs & AuthPkgs
LSA-as-a-Persistence - Password Filters

Assignments

Assignment #1
Assignment #2
Assignment #3
Assignment #4

Wrap up

Summary and Next Steps

thanks
 

Sektor112

thanks
 