Penetration Test - Select Your Attacks(20)

Persistence and Stealth

PERSISTENCE
  • Scheduled jobs
    • Cron or Task Manager
  • Scheduled Task
    • Same as above
  • Daemons
    • Background processes or services
  • Back doors
    • Bypass standard security controls
  • Trojan
    • Malware that looks like it does something useful
  • New user creation
    • Makes later logins easier
STEALTH
  • Clean up files, including tools installed
  • Hiding files that you need to leave
  • Sanitize log files (remove entries or entire logs)
  • Remove any traces of activity while accessing the environment

DEMO

ls	ls -l	ls -al

image-20201103211826179

Hide a file by adding a dot to the beginning.

touch eric.txt
mv eric.txt .eric.txt

image-20201103212157820

Easy to find the hidden file using ls -al or cat command.

cat .bash_history
QUICK REVIEW
  • Set up persistent processes to maintain a presence
  • Install low profile tools and malware to make your job easier
  • Leave artifacts that keep the attack going and make it easier to get back in
  • Once the attack is over, clean up to avoid post-mortem detection
posted @ 2020-11-03 21:30  晨风_Eric  阅读(42)  评论(0编辑  收藏  举报