Time
8 hours 28 minutes
Difficulty
Beginner
CEU/CPE
10

Video Transcription

00:00
Hello and welcome to another Application of the MITRE ATT&CK Framework discussion. Today we're getting into our next phase, and therefore we're going to be discussing persistence, and so no better time to look at what is persistence. So
00:16
within MITRE, persistence is when a threat actor attempts to maintain access to the environment,
00:22
also known as a foothold.
00:24
Threat actors commonly attempt to maintain access after reboots of systems, changes to credentials, changes to the network. And so this can include things like the replacement of legitimate code or adding items to startup tasks. And so
00:40
outside of those things as well, this can include the installation of remote access tools or other backdoor functions on systems that would hopefully not get caught in the process of remediation or something of that nature. Now, within the persistence section,
00:59
we're going to be looking at the following areas. Now there's more than
01:02
the few that we're mentioning here.
01:04
But these are the ones we've chosen to focus on, so we're gonna look at accessibility features and how those are used. We're going to talk specifically about bootkits, browser extensions, component firmware, the creation of an account, hooking, and new services.
01:21
Again, each of these areas is probably compounded, so it may not be just one of these areas that a threat actor
01:27
would implement in order to establish persistence. It could be a combination of creating a new account, creating a bootkit, maybe implementing a new service,
01:38
adding browser extensions, messing with accessibility features.
01:42
It's quite possible and feasible that a threat actor would have a tool that would make multiple changes so that if one particular vector was cut off, they would still have another that they could use and maybe give a false sense of security to the end user. So with that in mind, I want to thank you for your time today, and I look forward to seeing you again
02:01
soon.

Application of the MITRE ATT&CK Framework

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access attack vectors.

Instructed By

Robert Smith
Director of Security Services at Corsica
Instructor