This two-day course will cover the basics of persistence for Windows and Linux. It is a useful introductory course for defense or offense. Persistence is the method for staying resident on a system after compromise. The ‘P‘ in APT. We’ll cover basic persistence so this class will cover BPT!

Requirements:

Students will require a laptop capable of running a few virtual machines. Previous experience with Metasploit will be useful but not necessary.

Course outline:

• Overview of hacker methodology
• Reasons for persistence
• Types of persistence
  • Hardware
    • Firmware, dongles, wireless
  • Software
    • interactive shell
      • bind
      • reverse
      • triggered
    • bot (non-interactive)
      • command-and-control service
• Windows persistence
  • registry
  • services
  • startup folder
  • trojan executable
  • dll path hijacking
  • scheduled tasks
    • at, schtasks
    • PowerShell
  • WMI
• Linux persistence
  • startup scripts
    • init, systemd
  • services
    • trojan executable
  • packages
    • deb, rpm
  • scheduled tasks
    • at, cron
  • bash techniques (source files for shells)
  • ld_preload

There will be hands-on labs and take home labs.

Bio:

Ard Haskell has nearly two decades of experience in IT administration, engineering and intelligence collection & analysis. Currently a subject matter expert, security researcher and instructor with Chiron Technology Services where he often teaches classes in offensive and defensive security. Previously he worked as a defense contractor at various organizations, and before that he worked in the SIGINT field while in the US Air Force.