A tester compromises a target host and then wants to maintain persistent access. Which of the following is the best way for the attacker to accomplish the objective?
Registering a malicious service ensures that it starts automatically with the system, providing persistence even after reboots.
This method is stealthier than others and is commonly used in advanced persistent threat (APT) scenarios.
Why Not Other Options?
B (Remote desktop software): Installing such software is noisy and can easily be detected by monitoring tools.
C (User logon script): While it provides persistence, it is less reliable and more detectable than a system service.
D (Kerberoasting): This is a credential-stealing technique and does not establish persistence.
CompTIA Pentest+ References:
Domain 3.0 (Attacks and Exploits)
Domain 4.0 (Penetration Testing Tools)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit