In this post, we cover the second part of Windows persistence techniques, specifically backdooring files, as part of the TryHackMe Windows Local Persistence room.
Another method of establishing persistence consists of tampering with some files we know the user interacts with regularly. By performing some modifications to such files, we can plant backdoors that will get executed whenever the user accesses them. Since we don’t want to create any alerts that could blow our cover, the files we alter must keep working for the user as expected.
While there are many opportunities to plant backdoors, we will check the most commonly used ones:
- Executable Files
- Shortcut Files
- Hijacking File Associations
- Startup Scripts
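From the defender's side, two of these locations can be audited directly: shortcut targets and file-association handlers. The script below is an added example, not part of the original post or the TryHackMe room. It lists entries whose command line runs through a script interpreter. The interpreter list, the folders searched and the function names are assumptions to adapt to your environment.

```powershell
# Added defensive example. Interpreter list and search scope are assumptions.
$InterpreterPattern = '\b(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32)(\.exe)?\b'

function Get-SuspiciousShortcut {
    # Reads each .lnk through the WScript.Shell COM object and reports those
    # whose target or arguments invoke an interpreter.
    param([string[]]$Path = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu')))
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in ($Path | Where-Object { $_ -and (Test-Path -LiteralPath $_) })) {
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                $command = ("{0} {1}" -f $lnk.TargetPath, $lnk.Arguments).Trim()
                if ($command -match $InterpreterPattern) {
                    [pscustomobject]@{
                        Type = 'Shortcut'; Item = $_.FullName
                        Command = $command; Modified = $_.LastWriteTime
                    }
                }
            }
    }
}

function Get-SuspiciousFileAssociation {
    # Walks every ProgID under the per-user and machine Classes keys and
    # reports shell\open\command handlers that invoke an interpreter.
    param([string[]]$Root = @('HKCU:\Software\Classes', 'HKLM:\Software\Classes'))
    foreach ($r in $Root) {
        Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue | ForEach-Object {
            $key = "$($_.PSPath)\shell\open\command"
            if (Test-Path -LiteralPath $key) {
                $command = (Get-Item -LiteralPath $key).GetValue('')  # default value
                if ($command -match $InterpreterPattern) {
                    [pscustomobject]@{
                        Type = 'FileAssociation'; Item = $_.Name
                        Command = $command; Modified = $null
                    }
                }
            }
        }
    }
}

@(Get-SuspiciousShortcut) + @(Get-SuspiciousFileAssociation) |
    Sort-Object Type, Item | Format-Table -AutoSize -Wrap
```

Some hits are expected on a clean system (for example the built-in Command Prompt and PowerShell shortcuts, or script types handled by `wscript.exe`), so compare the output against a known-good baseline rather than treating every row as malicious.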
Insert flag5 here
Insert flag6 here