Persistence

Overview

Persistence ensures continued access to a compromised system after reboots, credential changes, or network interruptions. Techniques range from simple cron jobs and SSH keys to more advanced methods like systemd services, registry run keys, and scheduled tasks. The goal is to maintain access without re-exploiting the initial vulnerability.

Topics in This Section

• Linux Persistence
• Windows Persistence

General Approach

1. Assess access level — root/SYSTEM access enables more persistence options
2. Choose method — match the technique to the target OS and detection risk
3. Test persistence — verify the mechanism survives a reboot or session loss
4. Layer mechanisms — use multiple independent persistence methods when possible