25 Windows persistence techniques from Pentest Lab

Created by Vicente Motos on July 14, 2020

A great compilation of persistence techniques collected on the Penetration Testing Lab blog and mapped to MITRE, also indicating whether or not administrator rights are needed for each one:

| Technique | Mitre | Administrator Rights |
|---|---|---|
| Winlogon Helper DLL | T1004 | Yes |
| Port Monitors | T1013 | Yes |
| Accessibility Features | T1015 | Yes |
| Shortcut Modification | T1023 | No |
| Modify Existing Service | T1031 | Yes |
| DLL Search Order Hijacking | T1038 | Yes |
| Change Default File Association | T1042 | No |
| New Service | T1050 | Yes |
| Scheduled Tasks | T1053 | No |
| Service Registry Permission Weakness | T1058 | No |
| Registry Run Keys | T1060 | No |
| WMI Event Subscription | T1084 | Yes |
| Security Support Provider | T1101 | Yes |
| AppInit DLLs | T1103 | Yes |
| Component Object Model Hijacking | T1122 | No |
| Netsh Helper DLL | T1128 | Yes |
| Office Application Startup | T1137 | No |
| Application Shimming | T1138 | Yes |
| Screensaver | T1180 | No |
| Image File Execution Options Injection | T1183 | Yes |
| BITS Jobs | T1197 | No |
| Time Providers | T1209 | Yes |
| PowerShell Profile | T1504 | No |
| Waitfor | N/A | Yes |
| RID Hijacking | N/A | Yes |