# Persistence

- [DLL Proxying for Persistence](https://www.ired.team/offensive-security/persistence/dll-proxying-for-persistence.md)
- [Schtask](https://www.ired.team/offensive-security/persistence/t1053-schtask.md): Code execution, privilege escalation, lateral movement and persitence.
- [Service Execution](https://www.ired.team/offensive-security/persistence/t1035-service-execution.md): Code Execution, Privilege Escalation
- [Sticky Keys](https://www.ired.team/offensive-security/persistence/t1015-sethc.md): Sticky keys backdoor.
- [Create Account](https://www.ired.team/offensive-security/persistence/t1136-create-account.md): Persistence
- [AddMonitor()](https://www.ired.team/offensive-security/persistence/t1013-addmonitor.md): Persistence, Privilege Escalation
- [NetSh Helper DLL](https://www.ired.team/offensive-security/persistence/t1128-netsh-helper-dll.md): Persistence, code execution using netsh helper arbitrary libraries.
- [Abusing Windows Managent Instrumentation](https://www.ired.team/offensive-security/persistence/t1084-abusing-windows-managent-instrumentation.md): Persistence, Privilege Escalation
- [WMI as a Data Storage](https://www.ired.team/offensive-security/persistence/t1084-abusing-windows-managent-instrumentation/wmi-data-storage.md): Exploring WMI as a data storage for persistence by leveraging WMI classes and their properties.
- [Windows Logon Helper](https://www.ired.team/offensive-security/persistence/windows-logon-helper.md)
- [Hijacking Default File Extension](https://www.ired.team/offensive-security/persistence/hijacking-default-file-extension.md)
- [Persisting in svchost.exe with a Service DLL](https://www.ired.team/offensive-security/persistence/persisting-in-svchost.exe-with-a-service-dll-servicemain.md)
- [Modifying .lnk Shortcuts](https://www.ired.team/offensive-security/persistence/modifying-.lnk-shortcuts.md)
- [Screensaver Hijack](https://www.ired.team/offensive-security/persistence/t1180-screensaver-hijack.md): Hijacking screensaver for persistence.
- [Application Shimming](https://www.ired.team/offensive-security/persistence/t1138-application-shimming.md): Persistence, Privilege Escalation
- [BITS Jobs](https://www.ired.team/offensive-security/persistence/t1197-bits-jobs.md): File upload to the compromised system.
- [COM Hijacking](https://www.ired.team/offensive-security/persistence/t1122-com-hijacking.md): UAC Bypass/Defense Evasion, Persistence
- [SIP & Trust Provider Hijacking](https://www.ired.team/offensive-security/persistence/t1198-trust-provider-hijacking.md): Defense Evasion, Persistence, Whitelisting Bypass
- [Hijacking Time Providers](https://www.ired.team/offensive-security/persistence/t1209-hijacking-time-providers.md): Persistence
- [Installing Root Certificate](https://www.ired.team/offensive-security/persistence/t1130-install-root-certificate.md): Defense Evasion
- [Powershell Profile Persistence](https://www.ired.team/offensive-security/persistence/powershell-profile-persistence.md)
- [RID Hijacking](https://www.ired.team/offensive-security/persistence/rid-hijacking.md)
- [Word Library Add-Ins](https://www.ired.team/offensive-security/persistence/word-library-add-ins.md)
- [Office Templates](https://www.ired.team/offensive-security/persistence/office-templates.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.ired.team/offensive-security/persistence.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.