Persistence
Here are the articles in this section:
DLL Proxying for Persistence
T1053: Schtask
Code execution, privilege escalation, lateral movement and persitence.
T1035: Service Execution
Code Execution, Privilege Escalation
T1015: Sticky Keys
Sticky keys backdoor.
T1136: Create Account
Persistence
T1013: AddMonitor()
Persistence, Privilege Escalation
T1128: NetSh Helper DLL
Persistence, code execution using netsh helper arbitrary libraries.
T1084: Abusing Windows Managent Instrumentation
Persistence, Privilege Escalation
Windows Logon Helper
Hijacking Default File Extension
Persisting in svchost.exe with a Service DLL
Modifying .lnk Shortcuts
T1180: Screensaver Hijack
Hijacking screensaver for persistence.
T1138: Application Shimming
Persistence, Privilege Escalation
T1197: BITS Jobs
File upload to the compromised system.
T1122: COM Hijacking
UAC Bypass/Defense Evasion, Persistence
T1198: SIP & Trust Provider Hijacking
Defense Evasion, Persistence, Whitelisting Bypass
T1209: Hijacking Time Providers
Persistence
T1130: Installing Root Certificate
Defense Evasion
Powershell Profile Persistence
RID Hijacking
Word Library Add-Ins
Office Templates