Persistence Techniques Cookbook (Windows)
$19.99
Windows Persistence Cookbook — 10 Techniques with Code
A collection of 10 Windows persistence mechanisms, each with working code and documentation:
- 1. Registry Run Keys — HKCU/HKLM Run, RunOnce. The classic. Code in C and PowerShell.
- 2. Scheduled Tasks — schtasks.exe and COM API (ITaskService). Triggers: logon, idle, time-based.
- 3. WMI Event Subscriptions — __EventFilter + CommandLineEventConsumer. Survives reboots, difficult to detect.
- 4. COM Hijacking — Hijacking a CLSID in HKCU so that your DLL is loaded when a legitimate app instantiates the COM object.
- 5. DLL Search Order Hijacking — Placing a malicious DLL in an application directory that is searched before System32.
- 6. Startup Folder — Shell:startup shortcut targeting your payload. Simple but effective.
- 7. Services — Creating a Windows service that runs your binary as SYSTEM.
- 8. AppInit_DLLs — Registry key that forces your DLL to load in every process that uses user32.dll.
- 9. Image File Execution Options — Debugger key so that your program runs when another one is launched (e.g. notepad.exe).
- 10. Screensaver Abuse — SCRNSAVE.EXE registry value pointing to your payload.