25 técnicas de persistencia (Windows) de Pentest Lab

Grandísima recopilación de técnicas de persistencia recogidas en el blog de Penetration Testing Lab y mapeadas con Mitre, indicando además si se necesitan permisos o no de administrador en cada una de ellas:

Technique	Mitre	Administrator Rights
Winlogon Helper DLL	T1004	Yes
Port Monitors	T1013	Yes
Accessibility Features	T1015	Yes
Shortcut Modification	T1023	No
Modify Existing Service	T1031	Yes
DLL Search Order Hijacking	T1038	Yes
Change Default File Association	T1042	No
New Service	T1050	Yes
Scheduled Tasks	T1053	No
Service Registry Permission Weakness	T1058	No
Registry Run Keys	T1060	No
WMI Event Subscription	T1084	Yes
Security Support Provider	T1101	Yes
AppInit DLLs	T1103	Yes
Component Object Model Hijacking	T1122	No
Netsh Helper DLL	T1128	Yes
Office Application Startup	T1137	No
Application Shimming	T1138	Yes
Screensaver	T1180	No
Image File Execution Options Injection	T1183	Yes
BITS Jobs	T1197	No
Time Providers	T1209	Yes
PowerShell Profile	T1504	No
Waitfor	N/A	Yes
RID Hijacking	N/A	Yes

hackplayers

Buscar este blog

25 técnicas de persistencia (Windows) de Pentest Lab

Comentarios

Publicar un comentario