Difficulty: HIGH

Recreate Darkpulsar persistence (EquationGroup tool)

Hint #1: check Telephony Service Provider documentation. Focus on TAPI 2.x (not 3.x)
Hint #2: set TapiSrv and Rasman services to AUTOSTART
Hint #3:
don't implement privilege escalation by abusing SeImpersonate token privilege of TapiSrv. For the exercise just change TapiSrv user from NETWORK SERVICE to SYSTEM in service configuration.

RED TEAM Operator: Windows Persistence Course

Already enrolled?
Sign in to continue learning.