Abstract image of a woman sitting on books and studying on a laptop

Persistence and Cleanup

UTD Computer Security Group, profile picture
UTD Computer Security Group

This document discusses penetration testing persistence and clean up. It defines persistence as getting back into a system without repeating the entire access process, even if the system is patched or reboots. Good persistence techniques include leaving an executable to run at startup, on intervals, or after a task, or setting a timer. Bad techniques are backdoors, open connections when not in use, and excessive data transfers. Ugly but effective ways are adding users or injecting into processes long-term. Metasploit and adding start-up executables or services are discussed for persistence. Clean up removes traces of access by modifying rather than deleting logs, and removing scripts or persistence artifacts. Windows and Linux clean up steps are also outlined.

Technology
Related topics:
Penetration-Testing
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
Penetration Testing: Persistence and Clean up November 1st 2017
What is Persistence 1. Getting back into the system without going through the entire process again 2. Leaving a way to get back in even if the system is patched 3. Getting back in after the system reboots 4. Not being seen on the box
Good ways to leave persistence 1. Leaving an executable that will… a. Run when the system starts b. Execute in intervals calling back to handler c. Run when a certain task is done d. Set a timer to run only after x minutes of system boot
Bad ways to leave persistence 1. Backdoors 2. Leaving connections open when not in use 3. Sending a lot of data back to your handler
Ugly but effective ways of leaving persistence 1. Adding users 2. Injecting into processes for long periods of time
Metasploit Persistence
Metasploit Persistence
Startup Executable Adding executable to Windows startup: C:Users<user name>AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Adding services in linux: ../init.d/malicious.service - systemctl enable malicious.service
What is Clean up 1. Removing any trace you were there 2. Modifying not deleting log files 3. Removing scripts that you left laying around 4. Removing persistence
Windows Clean up
Linux Clean up /var/log/messages Remove bash history ~./bash_history Any trace you were there in /var/log/

More Related Content

PDF
TEMS Intallation 8.0.3 Guide
Tempus Telcosys
 
PPT
Web Services 8
pradeepfdo
 
PDF
A Quick Look At Cassandra
bryanwslideshare
 
PDF
Pandora FMS: End to End Exchange Plugin
Pandora FMS
 
PDF
Installation instructions for mscal
Luis Huete
 
PPTX
Fix causes and solutions why system restore failed due to antivirus errors
Antivirus Support
 
PPTX
SOFTWARE Engineering (SOFTWARE TESTING).pptx
arthurtembo02
 
PPTX
System Development life cycle for grade 11
SudathPriyantha5
 
TEMS Intallation 8.0.3 Guide
Tempus Telcosys
 
Web Services 8
pradeepfdo
 
A Quick Look At Cassandra
bryanwslideshare
 
Pandora FMS: End to End Exchange Plugin
Pandora FMS
 
Installation instructions for mscal
Luis Huete
 
Fix causes and solutions why system restore failed due to antivirus errors
Antivirus Support
 
SOFTWARE Engineering (SOFTWARE TESTING).pptx
arthurtembo02
 
System Development life cycle for grade 11
SudathPriyantha5
 

Similar to Persistence and Cleanup (20)

PPTX
Operations on Processes and Cooperating processes
VishnuMenon59
 
PDF
Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf
IGedeArieYogantaraSu
 
PDF
How to escalate privileges to administrator in latest Windows.
Soya Aoyama
 
PPTX
Process Management of Operating Systems.
hostnameharsh
 
PPT
UNIT I Process management main concept.ppt
vaibavmugesh
 
PDF
Inter Process Communication in operating system
ankitashah871482
 
PPTX
Process and threads
Merwin Arthur Guinto
 
PPTX
System Analysis And Design 2011
tgushi12
 
PPTX
Chapter 6 Concurrency: Deadlock and Starvation
VishalNayakwadi
 
PDF
Parallel and Distributed Computing Chapter 12
AbdullahMunir32
 
PDF
ScalaUA - distage: Staged Dependency Injection
7mind
 
PPT
Processor Allocation (Distributed computing)
Sri Prasanna
 
PPT
Integrated Test Environment for Tandem Software Applications
guest77744e
 
PPTX
Wcl303 russinovich
conleyc
 
PDF
CEIS106_Final_Project.pptx.pdf
luxasuhi
 
PDF
Troubleshooting QuickBooks Multi-User Mode Issues A Complete Guide.pdf
dennislopez2310
 
PPTX
Unit-6 Implemntation and Maintenance.pptx
thekaizen2004
 
PDF
Operating system concepts ninth edition (2012), chapter 2 solution e1
Navid Daneshvaran
 
PPTX
3. Process Concept in operating system.pptx
viceprincipalbfc
 
PPTX
distributed system models syllabus from enginnering
SanikaPatil68377
 
Operations on Processes and Cooperating processes
VishnuMenon59
 
Laporan Praktikum Keamanan Siber - Tugas 2 -Kelas C - Kelompok 3.pdf
IGedeArieYogantaraSu
 
How to escalate privileges to administrator in latest Windows.
Soya Aoyama
 
Process Management of Operating Systems.
hostnameharsh
 
UNIT I Process management main concept.ppt
vaibavmugesh
 
Inter Process Communication in operating system
ankitashah871482
 
Process and threads
Merwin Arthur Guinto
 
System Analysis And Design 2011
tgushi12
 
Chapter 6 Concurrency: Deadlock and Starvation
VishalNayakwadi
 
Parallel and Distributed Computing Chapter 12
AbdullahMunir32
 
ScalaUA - distage: Staged Dependency Injection
7mind
 
Processor Allocation (Distributed computing)
Sri Prasanna
 
Integrated Test Environment for Tandem Software Applications
guest77744e
 
Wcl303 russinovich
conleyc
 
CEIS106_Final_Project.pptx.pdf
luxasuhi
 
Troubleshooting QuickBooks Multi-User Mode Issues A Complete Guide.pdf
dennislopez2310
 
Unit-6 Implemntation and Maintenance.pptx
thekaizen2004
 
Operating system concepts ninth edition (2012), chapter 2 solution e1
Navid Daneshvaran
 
3. Process Concept in operating system.pptx
viceprincipalbfc
 
distributed system models syllabus from enginnering
SanikaPatil68377
 
Ad

More from UTD Computer Security Group (20)

PDF
Py jail talk
UTD Computer Security Group
 
PDF
22S kickoff 2.0 (kickoff + anonymity talk)
UTD Computer Security Group
 
PPTX
Cloud talk
UTD Computer Security Group
 
PPTX
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group
 
PPTX
Forensics audio and video
UTD Computer Security Group
 
PPTX
Computer networks and network security
UTD Computer Security Group
 
PPTX
Intro to python
UTD Computer Security Group
 
PPTX
Powershell crash course
UTD Computer Security Group
 
PPTX
Intro to cybersecurity
UTD Computer Security Group
 
PPTX
Intro to Bash
UTD Computer Security Group
 
PDF
Web Exploitation
UTD Computer Security Group
 
PDF
Network Exploitation
UTD Computer Security Group
 
PDF
Penetration Testing: Celestial
UTD Computer Security Group
 
PDF
Introduction to Exploitation
UTD Computer Security Group
 
PDF
Cryptography Crash Course
UTD Computer Security Group
 
PDF
Fuzzing - Part 2
UTD Computer Security Group
 
PDF
Exploitation Crash Course
UTD Computer Security Group
 
PDF
Fuzzing - Part 1
UTD Computer Security Group
 
PDF
Protostar VM - Heap3
UTD Computer Security Group
 
PDF
Heap Base Exploitation
UTD Computer Security Group
 
Py jail talk
UTD Computer Security Group
 
22S kickoff 2.0 (kickoff + anonymity talk)
UTD Computer Security Group
 
Cloud talk
UTD Computer Security Group
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group
 
Forensics audio and video
UTD Computer Security Group
 
Computer networks and network security
UTD Computer Security Group
 
Intro to python
UTD Computer Security Group
 
Powershell crash course
UTD Computer Security Group
 
Intro to cybersecurity
UTD Computer Security Group
 
Intro to Bash
UTD Computer Security Group
 
Web Exploitation
UTD Computer Security Group
 
Network Exploitation
UTD Computer Security Group
 
Penetration Testing: Celestial
UTD Computer Security Group
 
Introduction to Exploitation
UTD Computer Security Group
 
Cryptography Crash Course
UTD Computer Security Group
 
Fuzzing - Part 2
UTD Computer Security Group
 
Exploitation Crash Course
UTD Computer Security Group
 
Fuzzing - Part 1
UTD Computer Security Group
 
Protostar VM - Heap3
UTD Computer Security Group
 
Heap Base Exploitation
UTD Computer Security Group
 
Ad

Recently uploaded (20)

PPTX
Modernising the Digital Integration Hub
Daniel Toomey
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Modernising the Digital Integration Hub
Daniel Toomey
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
Transform Your ITIL® 4 & ITSM Strategy with AI in 2025.pdf
PDCA Consulting
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Getting started with AI Agents and Multi-Agent Systems
Maxim Salnikov
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
The various Industrial Revolutions .pptx
bandileshozi3
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Unlock new opportunities with location data.pdf
Precisely
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 

Persistence and Cleanup

  • 1. Penetration Testing: Persistence and Clean up November 1st 2017
  • 2. What is Persistence 1. Getting back into the system without going through the entire process again 2. Leaving a way to get back in even if the system is patched 3. Getting back in after the system reboots 4. Not being seen on the box
  • 3. Good ways to leave persistence 1. Leaving an executable that will… a. Run when the system starts b. Execute in intervals calling back to handler c. Run when a certain task is done d. Set a timer to run only after x minutes of system boot
  • 4. Bad ways to leave persistence 1. Backdoors 2. Leaving connections open when not in use 3. Sending a lot of data back to your handler
  • 5. Ugly but effective ways of leaving persistence 1. Adding users 2. Injecting into processes for long periods of time
  • 8. Startup Executable Adding executable to Windows startup: C:Users<user name>AppDataRoamingMicrosoftWindowsStart MenuProgramsStartup Adding services in linux: ../init.d/malicious.service - systemctl enable malicious.service
  • 9. What is Clean up 1. Removing any trace you were there 2. Modifying not deleting log files 3. Removing scripts that you left laying around 4. Removing persistence
  • 11. Linux Clean up /var/log/messages Remove bash history ~./bash_history Any trace you were there in /var/log/