Common Persistence Strategies - Emulating, Preventing, and Detecting

  • Wednesday, 14 Sep 2022 10:00AM EDT (14 Sep 2022 14:00 UTC)
  • Speaker: Michel Coene

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses.

There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important from a blue team perspective to understand the techniques employed by the attackers to remain in your environment for a longer period of time. In this follow-up webcast to Finding the Hidden Visitor - Persistence Mechanisms to Look Out For, we will do a review of the most commonly used persistence mechanisms and provide some examples on how they are used by attackers, as well as how they try to prevent detections by combining tactics.