Windows Persistence Techniques P4 | Services

In this post, We covered the third part of Windows Persistence Techniques and specifically we covered Backdooring Windows Services as part of TryHackMe Windows Local Persistence.

Windows services offer a great way to establish persistence since they can be configured to run in the background whenever the victim machine is started. If we can leverage any service to run something for us, we can regain control of the victim machine each time it is started.

A service is basically an executable that runs in the background. When configuring a service, you define which executable will be used and select if the service will automatically run when the machine starts or should be manually started.

There are two main ways we can abuse services to establish persistence

Create a new service
Modify an existing one to execute our payload.

Room Answers

Insert flag7 here

Insert flag8 here

Video Walk-Through

CTF Writeup, tryhackme, windows persistence

Show Comments

Motasem

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles

Windows Persistence Techniques P3 | Services | TryHackMe Windows Local Persistence

Room Answers

Video Walk-Through

Leave a Reply Cancel reply

Motasem

About the Author

Press ESC to close

Room Answers

Video Walk-Through

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

You might also like

Investigate an Infected Machine with Splunk | TryHackMe Benign

Ransomware Investigation with Splunk | TryHackMe PS Eclipse

Basics of Osquery For CyberSecurity | TryHackMe Osquery: The Basics