The following table contains all the techniques covered and whether or not administrator rights are needed to establish persistence.
| No | Technique | MITRE ID | Administrator Rights |
|---|---|---|---|
| 1 | Registry Run Keys | No | |
| 2 | Service Registry Permission Weakness | No | |
| 3 | Scheduled Tasks | No | |
| 4 | Shortcut Modification | No | |
| 5 | BITS Jobs | No | |
| 6 | PowerShell Profile | No | |
| 7 | Screensaver | No | |
| 8 | Component Object Model Hijacking | No | |
| 9 | Change Default File Association | No | |
| 10 | Office Application Startup | No | |
| 11 | Visual Studio Code Extensions | No | |
| 12 | Explorer | No | |
| 13 | WinLogon Helper DLL | Yes | |
| 14 | RID Hijacking | Yes | |
| 15 | Time Providers | Yes | |
| 16 | Image File Execution Options Injection | Yes | |
| 17 | Application Shimming | Yes | |
| 18 | DLL Search Order Hijacking | Yes | |
| 19 | AppInit DLLs | Yes | |
| 20 | Netsh Helper DLL | Yes | |
| 21 | Accessibility Features | Yes | |
| 22 | Port Monitors | Yes | |
| 23 | Security Support Provider | Yes | |
| 24 | AMSI | Yes | |
| 25 | WMI Event Subscription | Yes | |
| 26 | Print Spooler | Yes | |
| 27 | Certificates | Yes | |
| 28 | Notepad++ | Yes | |
| 29 | Event Log | Yes | |
| 30 | Event Log Online Help | Yes | |
| 31 | Context Menu | Yes | |
| 32 | Service Control Manager | Yes | |
| 33 | Windows Telemetry | Yes | |
| 34 | Scheduled Task Tampering | Yes | |
| 35 | Disk Clean Up | Yes | |
| 36 | Windows Setup Script | Yes | |
| 37 | Waitfor | Yes | |
| 38 | New Service | Yes | |
| 39 | Modifying Existing Service | Yes | |
| 40 | DLL Proxy Loading | No |
Penetration Testing Lab 
Leave a comment