What is Persistence?

00:00

hello and welcome to another application of the minor attack framework discussion today. We're getting into our next phase and therefore we're going to be discussing persistence and so no better time to look at what is persistence. So

00:16

within minor persistence is when a threat actor attempts to maintain access to the environment,

00:22

also known as a foothold

00:24

threat. Actors commonly attempt to men maintain access after reboots of systems, changes to credentials, changes to the network. And so this can include things like the replacement of legitimate code or adding items to start up tasks. And so

00:40

outside of those things as well. This kid include the installation of remote access tools. Oh, are other backdoor functions on systems that would hopefully not get caught in the process of remediation or something of that nature. Now, within the persistence section,

00:59

we're going to be looking at the following areas. Now there's mawr than

01:02

the few that were mentioning here.

01:04

But these are the ones we've chosen to focus on, so we're gonna look at accessibility features and how those air used we're going talk specifically about boot kits, browser extensions, component firm, where the creation of an account hooking and new services

01:21

again. Each of these areas is probably compounded, so it may not be just one of these areas that a threat actor

01:27

would implement in order to establish persistence. It could be a combination of creating a new account, creating a boot kit, maybe implementing a new service,

01:38

adding browser extensions, messing with accessibility features.

01:42

It's quite possible and feasible that a threat actor would have a tool that would make multiple changes so that if one particular victor was cut off, they would still have another that they could use and maybe give a false sense of security to the end user. So with them in mind, I want to thank you for your time today, and I look forward to seeing you again