Assignment #4 | Assignments | RED TEAM Operator: Windows Persistence Course | Products | SEKTOR7 Institute

Assignment #4

Assignment #4

(optional)

Difficulty: HIGH

Recreate Darkpulsar persistence (EquationGroup tool)

Hint #1: check Telephony Service Provider documentation. Focus on TAPI 2.x (not 3.x)
Hint #2: set TapiSrv and Rasman services to AUTOSTART
Hint #3: don't implement privilege escalation by abusing SeImpersonate token privilege of TapiSrv. For the exercise just change TapiSrv user from NETWORK SERVICE to SYSTEM in service configuration.

RED TEAM Operator: Windows Persistence Course

Buy nowLearn more

Intro and Setup

Introduction to Windows Persistence

Intro Addendum

Course VM Setup

RTO-PERS.ova

RTO-pers.zip

Low Privilege Persistence

Startup Folder and Registry Keys

Logon Scripts

Shortcut Mods

Screensavers

Powershell Profile

DLL Proxying - Introduction

DLL Proxying - Demo

Component Object Model - Introduction

COMs Registry

COM Hijacks and Proxies

Admin Level Persistence

Elevated Scheduled Tasks

Multiaction Tasks

New & Modified Services

IFEO - Debugger / SilentProcessExit / Verifier

Application Shims

Windows Management Instrumentation - Introduction

WMI Event Subscription

AppCert DLLs

AppInit DLLs

Netsh Helper DLLs

Winlogon - SHELL / USERINIT

Time Providers

Port Monitors

Local Security Authority - Introduction

LSA-as-a-Persistence - SSPs & AuthPkgs

LSA-as-a-Persistence - Password Filters

Assignments

Assignment #1

Assignment #2

Assignment #3

Assignment #4

Wrap up

Your Feedback

Summary and Next Steps