Persistence methods
by ghjuyetmolyuiw - Friday August 4, 2023 at 07:47 PM
#1
Which method is your go-to when it comes to persistence?

I'm familiar with the basics in Windows, like:

- Dropping something in the Startup directory.
- Go to the registry and modify the Run and RunOnce keys.
- DLL Hijacking & DLL Proxying

But, what other methods do you know?

Would you recommend one over the other? Why?

And for Linux? Which is your go-to?
Reply
#2
I will use a combination of registry keys.

1 - Dropping a registry key to autostart an exe like random2.exe
2 - Then drop a second registry key at IFEO to debug ransom2.exe and point to the right exe

It's called registry hive...
Reply
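For defenders, the pairing described in post #2 (an autostart value plus an Image File Execution Options `Debugger` value for the same image name) can be checked offline against a registry export. This is an added example, not part of the thread; the sample export, the value names `Updater` and `OneDrive`, and all paths in it are constructed, and the function names are illustrative.

```python
import re
from ntpath import basename

# Constructed sample in .reg export format (not taken from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\Public\\random2.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\random2.exe]
"Debugger"="C:\\Users\\Public\\helper.exe"
'''

RUN_KEY = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
IFEO_KEY = re.compile(r'\\Image File Execution Options\\([^\\]+)$', re.I)
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string values escape backslashes and quotes with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def image_name(command):
    """Executable file name from an autostart command line, lower-cased.
    Unquoted paths containing spaces are not resolved (simplification)."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(' ', 1)[0]
    return basename(path).lower()

def audit(reg_text):
    autoruns, debuggers, key = [], {}, ''
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if m:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            ifeo = IFEO_KEY.search(key)
            if RUN_KEY.search(key):
                autoruns.append((key, name, data))
            elif ifeo and name.lower() == 'debugger':
                debuggers[ifeo.group(1).lower()] = data
    # Autostart entries whose image is redirected by an IFEO Debugger value
    return [(k, n, d, debuggers[image_name(d)])
            for k, n, d in autoruns if image_name(d) in debuggers]
```

Each returned tuple is (Run key, value name, autostart command, IFEO debugger command); on a clean export the list is empty.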
#3
(08-06-2023, 03:36 PM)hacxx Wrote: I will use a combination of registry keys.

1 - Dropping a registry key to autostart an exe like random2.exe
2 - Then drop a second registry key at IFEO to debug ransom2.exe and point to the right exe

It's called registry hive...

I will take a look at it, thanks!

(08-11-2023, 07:44 PM)Zed55 Wrote: If you need some ideas, check this:
https://attack.mitre.org/tactics/TA0003/

But there is schtasks, services, BITS jobs, etc.

That's a good starting point, I should have started by looking there lol. Thanks!
Reply
#4
(08-11-2023, 07:44 PM)Zed55 Wrote: If you need some ideas, check this:
https://attack.mitre.org/tactics/TA0003/

But there is schtasks, services, BITS jobs, etc.

Thanks, BITS is a bit old and at the moment I'm not into malware.
Reply

