In this post, we cover the third part of Windows Persistence Techniques, specifically backdooring Windows services, as part of TryHackMe Windows Local Persistence.
Windows services offer a great way to establish persistence since they can be configured to run in the background whenever the victim machine is started. If we can leverage any service to run something for us, we can regain control of the victim machine each time it is started.
A service is basically an executable that runs in the background. When configuring a service, you define which executable will be used and select whether the service will run automatically when the machine starts or must be started manually.
There are two main ways we can abuse services to establish persistence:
- Create a new service
- Modify an existing one to execute our payload.
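
From the defender's side, both routes show up as a difference between a known-good service inventory and the current one. The following PowerShell is an added example, not part of the original post: the function name `Compare-ServiceSnapshot` and all service names and paths are constructed for illustration, and the property names match what `Win32_Service` returns.

```powershell
# Added example (not from the original post); all service data below is constructed.
function Compare-ServiceSnapshot {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,
        [Parameter(Mandatory)] [object[]] $Current
    )
    # Index the baseline by service name (hashtable keys are case-insensitive).
    $known = @{}
    foreach ($svc in $Baseline) { $known[$svc.Name] = $svc }

    foreach ($svc in $Current) {
        $old = $known[$svc.Name]
        if ($null -eq $old) {
            # Route 1: a service that did not exist when the baseline was taken.
            [pscustomobject]@{ Name = $svc.Name; Finding = 'NewService'
                               Detail = "$($svc.StartMode), $($svc.StartName): $($svc.PathName)" }
            continue
        }
        # Route 2: an existing service whose configuration was changed.
        foreach ($prop in 'PathName', 'StartMode', 'StartName') {
            if ($old.$prop -ne $svc.$prop) {
                [pscustomobject]@{ Name = $svc.Name; Finding = "${prop}Changed"
                                   Detail = "$($old.$prop) -> $($svc.$prop)" }
            }
        }
    }
}

# Constructed snapshots. On a live host, the same shape comes from:
#   Get-CimInstance Win32_Service | Select-Object Name, PathName, StartMode, StartName
$baseline = @(
    [pscustomobject]@{ Name = 'ExampleUpdater'; PathName = 'C:\Program Files\Example\updater.exe'
                       StartMode = 'Manual'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleAgent'; PathName = 'C:\Program Files\Example\agent.exe'
                       StartMode = 'Auto'; StartName = 'NT AUTHORITY\LocalService' }
)
$current = @(
    [pscustomobject]@{ Name = 'ExampleUpdater'; PathName = 'C:\Windows\Temp\svc.exe'
                       StartMode = 'Auto'; StartName = 'LocalSystem' }
    $baseline[1]
    [pscustomobject]@{ Name = 'ExampleHelper'; PathName = 'C:\Users\Public\helper.exe'
                       StartMode = 'Auto'; StartName = 'LocalSystem' }
)

Compare-ServiceSnapshot -Baseline $baseline -Current $current | Format-Table -AutoSize
```

With the constructed data, `ExampleUpdater` is reported for a changed `PathName` and `StartMode`, and `ExampleHelper` is reported as a new service; the unchanged `ExampleAgent` produces no finding.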
Insert flag8 here