
Persistence as a tactic covers the actions an attacker takes so that their program runs again after the target machine is rebooted or the user logs off and back on. There are many techniques for achieving persistence; this post covers one of the simplest, the registry Run key. First, a definition of the threat actor the tactic is named after:
- Advanced - Targeted, coordinated, purposeful
- Persistent - Month after month, year after year
- Threat - Attacker with intent, opportunity, and capability
Cyber-Kill-Chain definition courtesy of: Lockheed Martin.
[Figure: Lockheed Martin Cyber Kill Chain]
This post achieves persistence by adding a new value under the registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, using the Windows API from C++. Every value under this key is a command line that Windows executes when that user logs on, so the program comes back after a reboot once the user signs in. Because the key lives under HKEY_CURRENT_USER, writing it needs no elevation, and the program runs in the context of the logged-on user. The Microsoft Developer Network (MSDN) pages for the registry functions (RegOpenKeyEx, RegSetValueEx, RegCloseKey) are comprehensive reference material.
The following C++ code has been added to our C++ "RedTeamAgent", a trojan I have written that uses Windows APIs and core features of the C++ language to perform its tasks and remain undetected. The UpdateRegistry function does the work here, as seen in the Gist below:
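As an added example (not the RedTeamAgent code or the author's UpdateRegistry function from the Gist), the following C++ shows the Win32 calls involved end to end: opening HKCU\...\Run, writing a REG_SZ value, reading it back to confirm it landed, and deleting it again so a lab machine is left clean. The value name RedTeamAgent and the path C:\Program Files\RedTeamAgent\agent.exe are hypothetical placeholders. The registry calls are compiled only under _WIN32; the two helpers that build the command line and compute the value size are portable.

```cpp
// Added example (not from the original post): create, verify and remove a
// Run-key persistence value with the Win32 registry API.
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// The Run key lives under HKCU, so no elevation is needed; each value's data
// is a command line that Explorer executes when the user logs on.
const wchar_t* const kRunKeyPath =
    L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run";

// Build the command line stored in the value. A path containing spaces must
// be quoted, otherwise Windows tries to launch the first whitespace token.
std::wstring build_run_command(const std::wstring& exe_path) {
    bool has_space = exe_path.find(L' ') != std::wstring::npos;
    bool quoted = !exe_path.empty() && exe_path.front() == L'"';
    if (has_space && !quoted)
        return L"\"" + exe_path + L"\"";
    return exe_path;
}

// RegSetValueExW takes cbData in BYTES, and for REG_SZ the terminating null
// is expected to be included. Passing a character count is a common bug.
std::uint32_t reg_sz_byte_size(const std::wstring& s) {
    return static_cast<std::uint32_t>((s.size() + 1) * sizeof(wchar_t));
}

#ifdef _WIN32
// Write the value. KEY_SET_VALUE is the only access right the write needs.
bool set_run_value(const std::wstring& value_name, const std::wstring& exe_path) {
    HKEY key = nullptr;
    if (RegOpenKeyExW(HKEY_CURRENT_USER, kRunKeyPath, 0, KEY_SET_VALUE, &key) != ERROR_SUCCESS)
        return false;
    std::wstring cmd = build_run_command(exe_path);
    LONG rc = RegSetValueExW(key, value_name.c_str(), 0, REG_SZ,
                             reinterpret_cast<const BYTE*>(cmd.c_str()),
                             reg_sz_byte_size(cmd));
    RegCloseKey(key);
    return rc == ERROR_SUCCESS;
}

// Read the value back: the same check a detection rule or Autoruns performs.
bool read_run_value(const std::wstring& value_name, std::wstring& out) {
    HKEY key = nullptr;
    if (RegOpenKeyExW(HKEY_CURRENT_USER, kRunKeyPath, 0, KEY_QUERY_VALUE, &key) != ERROR_SUCCESS)
        return false;
    DWORD type = 0, bytes = 0;
    // First call with a null buffer only reports the size in bytes.
    LONG rc = RegQueryValueExW(key, value_name.c_str(), nullptr, &type, nullptr, &bytes);
    if (rc != ERROR_SUCCESS || type != REG_SZ) { RegCloseKey(key); return false; }
    // One extra wchar_t guarantees termination even if the stored data has none.
    std::vector<wchar_t> buf(bytes / sizeof(wchar_t) + 1, L'\0');
    rc = RegQueryValueExW(key, value_name.c_str(), nullptr, &type,
                          reinterpret_cast<BYTE*>(buf.data()), &bytes);
    RegCloseKey(key);
    if (rc != ERROR_SUCCESS) return false;
    out.assign(buf.data());
    return true;
}

// Remove the value again (lab clean-up). RegDeleteValueW needs KEY_SET_VALUE.
bool remove_run_value(const std::wstring& value_name) {
    HKEY key = nullptr;
    if (RegOpenKeyExW(HKEY_CURRENT_USER, kRunKeyPath, 0, KEY_SET_VALUE, &key) != ERROR_SUCCESS)
        return false;
    LONG rc = RegDeleteValueW(key, value_name.c_str());
    RegCloseKey(key);
    return rc == ERROR_SUCCESS;
}
#endif

int main() {
#ifdef _WIN32
    // Hypothetical value name and path; a real agent uses its own location.
    const std::wstring name = L"RedTeamAgent";
    const std::wstring path = L"C:\\Program Files\\RedTeamAgent\\agent.exe";
    std::wstring stored;
    if (set_run_value(name, path) && read_run_value(name, stored) &&
        stored == build_run_command(path))
        wprintf(L"persisted: %ls\n", stored.c_str());
    remove_run_value(name);  // leave the lab machine as we found it
#endif
    return 0;
}
```

Two details the MSDN pages state and that are easy to get wrong: the size passed to RegSetValueExW is in bytes and includes the terminating null, and a path with spaces has to be quoted or only the first token is launched. Defenders enumerate exactly this key (Sysinternals Autoruns lists it, and Sysmon Event ID 13 logs the value being set), so on a real engagement the value name and path would be chosen to blend in with legitimate entries.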
Keep following me on social media to stay tuned for the follow-up to this post...
Grant Knoetze
IT Support Specialist | Cybersecurity Analyst | Software Developer