Persistence is the stage of an attack in which adversaries establish long-term access to systems they have already compromised, so that a reboot, a password change, or the loss of the initial foothold does not cost them access.
Rudimentary examples include:
- Installing a rootkit
- Adding a service that provides a reverse shell
- Command and control (C2) implants/agents
- Adding the attacker's own SSH public key to `.ssh/authorized_keys`, or stealing and cracking an existing SSH private key
- Adding a new user and abusing remote access services
- Creating an SSH backdoor (for example NinjaJc01/ssh-backdoor)
More complex persistence methods include masquerading as a legitimate kernel module or driver, or loading BPF programs that hide processes, files, or network connections from userland tools. Once a device has been subjected to one of these deeper methods, removing individual artifacts is unreliable, and a full wipe and reinstall is almost always needed before the device can be trusted again.
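Of the rudimentary techniques listed above, a planted SSH key is the one a defender can audit most cheaply. The script below is an added example, not code from the original page or from any project it mentions: it parses `authorized_keys` content, computes OpenSSH-style SHA256 fingerprints, and flags keys missing from a baseline, keys whose comment imitates a trusted key's comment, and keys carrying options such as `command=` that are typical of a planted backdoor. The key blobs, the baseline and the sample file are constructed placeholders (valid base64, not real key material).

```python
"""Audit an OpenSSH authorized_keys file for planted keys (added example)."""
import base64
import hashlib

# Key types OpenSSH accepts; a token with one of these prefixes starts the key part.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")

# Options that legitimate user keys rarely carry but backdoor keys often do
# (a forced command, an injected environment, a tunnel device).
SUSPICIOUS_OPTIONS = {"command", "environment", "tunnel", "permitopen"}

# Constructed placeholder key blobs (valid base64, not real key material).
ADMIN_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIGx1eXNxOXBvYW1ldHRjZ2d0b3NkYmJrM2ZpZTVpM2pk"
BACKDOOR_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIHJvb3RraXRiYWNrZG9vcmtleW1hdGVyaWFsMDEyMzQ1"
FAKE_ADMIN_KEY = "AAAAC3NzaC1lZDI1NTE5AAAAIBzZWNvbmRmYWtla2V5YmxvYnBsYWNlaG9sZGVyMDAw0"


def fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 of the raw key blob, base64, no padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def _split(text: str, sep_is_space: bool) -> list:
    """Split on whitespace (or on commas) while honouring double-quoted values."""
    parts, cur, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        is_sep = ch.isspace() if sep_is_space else ch == ","
        if is_sep and not quoted:
            if cur:
                parts.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        parts.append("".join(cur))
    return parts


def parse_line(line: str):
    """Return (options, keytype, key_b64, comment) or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = _split(line, sep_is_space=True)
    options = ""
    if not tokens[0].startswith(KEY_TYPE_PREFIXES):
        options, tokens = tokens[0], tokens[1:]  # leading options field present
    if len(tokens) < 2:
        return None  # not a key line
    keytype, key_b64 = tokens[0], tokens[1]
    comment = " ".join(tokens[2:])
    return options, keytype, key_b64, comment


def audit(content: str, trusted: dict) -> list:
    """Flag lines whose key is not in the trusted baseline (fingerprint -> owner)
    or which carry options typical of a backdoor."""
    findings = []
    for lineno, raw in enumerate(content.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        options, keytype, key_b64, comment = parsed
        try:
            fp = fingerprint(key_b64)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append({"line": lineno, "fingerprint": None,
                             "comment": comment, "reasons": ["undecodable key blob"]})
            continue
        reasons = []
        if fp not in trusted:
            reasons.append("key not in baseline")
            if comment in trusted.values():
                reasons.append(f"comment {comment!r} imitates a trusted key")
        for opt in _split(options, sep_is_space=False):
            if opt.split("=", 1)[0].lower() in SUSPICIOUS_OPTIONS:
                reasons.append(f"option {opt}")
        if reasons:
            findings.append({"line": lineno, "fingerprint": fp,
                             "comment": comment, "reasons": reasons})
    return findings


# Baseline as a fingerprint -> owner map. In practice it comes from configuration
# management or an earlier snapshot, never from the file being audited.
TRUSTED_KEYS = {fingerprint(ADMIN_KEY): "admin@corp"}

# Constructed sample file: one legitimate key, one unknown key, and one key that
# copies the admin's comment and adds a forced interactive shell.
SAMPLE_AUTHORIZED_KEYS = f"""\
# baseline deployment keys
ssh-ed25519 {ADMIN_KEY} admin@corp
ssh-ed25519 {BACKDOOR_KEY} ubuntu@laptop
command="/bin/sh -i",no-pty,no-port-forwarding ssh-ed25519 {FAKE_ADMIN_KEY} admin@corp
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_AUTHORIZED_KEYS, TRUSTED_KEYS):
        print(f"line {f['line']}: {f['fingerprint']} ({f['comment']}): "
              + "; ".join(f["reasons"]))
```

`fingerprint()` produces the same value `ssh-keygen -lf` prints, so the baseline can be built from that command's output on a known-good host. Run the audit against every path named by `AuthorizedKeysFile` in `sshd_config`, including root's, and check `AuthorizedKeysCommand` as well: an attacker who can edit `sshd_config` can point key lookup somewhere outside `~/.ssh`, and a clean `authorized_keys` then proves nothing.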