[Sektor7] RED TEAM Operator: Windows Persistence Course
Welcome to Persistence in Windows course!
Real threat actors utilize various Tactics, Techniques and Procedures (aka TTPs). One of the tactic is Persistence – a way to survive a breached machine restart and preserve access to a target environment. There is a lot of focus on what methods adversaries use to exploit a particular vulnerability or how their C2 channels and infrastructure look like. Less often you find discussions about persistence. This course is aiming to change that.
You will learn almost 30 different persistence techniques working on Windows 10. Most of them were used by nation-state threat actors, like EquationGroup, Turla, APT29, ProjectSauron or malware, including Flame or Stuxnet.
As usual you will get not only full explanation of each technique with examples, but also a working code templates (written in C) and a complete development environment you can experiment with.
You Will Learn
- Knowledge about Windows persistence used by real threat actors, including nation-state adversaries
- 27 different techniques, including:
- DLL Proxying
- COM hijacking
- Multiaction Tasks
- Port Monitors
- Time Providers
- WMI Eventing
- LSA-as-a-Persistence
- and much more…
Target Audience
- Ethical Hackers
- Penetration Testers
- Blue Teamers
- Threat Hunters
- All security engineers/professionals wanting to learn advanced offensive tactics
Requirements
- Understanding of operating system architecture
- Some experience with Windows OS
- Basic knowledge about coding in C/C++
- Computer with min. 4 GB of RAM + 30 GB of free disk space
- VirtualBox 6.0+ installed
- Strong will to learn and having fun
Instructor: reenz0h
Chief Research Officer at SEKTOR7. In the industry for over 20 years. Worked in global Red Team for almost a decade. Simulated threat actors targeting IT infrastructure across various industries (financial, technology, industrial, energy, aviation) around the world. Speaker at HackCon, PWNing, WTH@ck, Sec-T, T2, DeepSec. Gave guest lectures at several military and civil academies and universities.
Founder of x33fcon security conference
and SEKTOR7 offensive research company.