27 persistence methods in Windows. From basic to advanced, unique and known, used in malware like Stuxnet or Flame and by nation-state threat actors, including Equation Group, Turla and APT29.
Contents
Intro and Setup
Introduction to Windows Persistence
Intro Addendum
Course VM Setup
RTO-PERS.ova
RTO-pers.zip
Low Privilege Persistence
Start Folder and Registry Keys
Logon Scripts
Shortcut Mods
Screensavers
PowerShell Profile
DLL Proxying - Introduction
DLL Proxying - Demo
Component Object Model - Introduction
COMs Registry
COM Hijacks and Proxies
Admin Level Persistence
Elevated Scheduled Tasks
Multiaction Tasks
New & Modified Services
IFEO - Debugger / SilentProcessExit / Verifier
Application Shims
Windows Management Instrumentation - Introduction
WMI Event Subscription
AppCert DLLs
AppInit DLLs
Netsh Helper DLLs
Winlogon - SHELL / USERINIT
Time Providers
Port Monitors
Local Security Authority - Introduction
LSA-as-a-Persistence - SSPs & AuthPkgs
LSA-as-a-Persistence - Password Filters
Assignments
Assignment #1
Assignment #2
Assignment #3
Assignment #4
Wrap up
Summary and Next Steps