While I was working on a Linux boot CD for Red Team operations I started researching various persistence techniques that were out there in “the real world”. Pretty soon a couple of pages of notes became a notebook full of information. Based on public information from incident reports, AV vendors, blogs, and con talks, I started trying to categorize the various techniques to make them easier to digest. One thing that immediately jumped out was that nobody had apparently tried to do this before. With help from another former Red Teamer, Will, we were able to categorize over 20 different ways that somebody could attain persistence. Our hope is that our talk will benefit both the folks who have to defend and those who provide threat emulation by providing details about real world persistence methods.
Spoke at BHUSA 2012, Defcon 19, Derbycon Former Red Teamer Bunch of certs… working for Accuvant Labs “Skip
Spoke at Bsides a couple of places (PDX, SEA) Former Red Teamer Certs and degrees and shit Currently doing penance for RT work at Microsoft Security Response Center”