Host persistence is the maintenance of access to a host (without having to repeatedly exploit).
Basic methods for maintaining access as a regular user include:
- HKCU / HKLM Registry Autoruns
- Scheduled Tasks
- Startup Folder
For Cobalt Strike, which doesn’t have built-in persistence tools, we can use mandiant/SharPersist.
Common persistence methods on Windows in Cobalt Strike: