Maintaining persistence on a network is important. With the wider adoption of endpoint via EDR, the approach of persisting via on-disk artifacts is under increasing pressure. This talk outlines how in-memory persistence can be achieved cheaply and effectively, and how automated and coordinated lateral movement can be combined with in-memory persistence to maintain a network toehold without disk artifacts.
Founding team member, VP of Engineering and Chief Architect @ Carbon Black, contributor to ATT&CK framework and osquery, believer in open source security capabilities, and Windows Internals geek.