Windows Local Privilege Escalation via CdpSvc service (Writeable SYSTEM path Dll Hijacking)
Weaponizing for privileged file writes bugs with PrintNotify Service
Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
Adapt practically persistence steadiness strategies working at Windows 10 utilized by sponsored nation-state threat actors, as Turla, ProjectSauron, APT29, EquationGroup, including Stuxnet / Flame.
Wisper helps to maintain access to windows machine and have some other cool features like UAC Disable,Firewall Disable,Dumping Credentials,etc.
This guide empowers non-tech Windows users to detect persistence threats, highlighting signs like cmd windows at startup, registry checks, and spotting malicious commands in PowerShell, cmd, rundll32,...
RatInject: C++ tool for stealthy Windows persistence via registry-based techniques.
This case study analyzed a low-complexity but real-world-relevant example of attacker persistence using the built-in Windows utility schtasks.exe.
A lightweight red team beacon with COM-based persistence and HTTP-based exfiltration.