Simple play icon Course

Persistence with Impacket

by Ricardo Reimao

Maintaining foothold of compromised servers is a key step during a red team engagement. In this course, you will learn persistence using Impacket.

What you'll learn

In a red team engagement, after getting access to servers, it is important that you create persistence in your targets. In this way, you can access the servers at anytime, even if the original point of entry is patched. In this course, Persistence with Impacket, you’ll learn how to utilize the Impacket framework to maintain foothold in a red team environment. First, you’ll explore the basics of persistence and how to install the Impacket framework. Next, you'll discover how to use Impacket to create persistence via WMI event triggers. Finally, you’ll learn how to harvest hashes so you can use the accounts to access the environment later. When you’re finished with this course, you’ll have the skills and knowledge of Impacket needed to execute these techniques: Event Triggered Execution (T1546), Valid Accounts (T1078) and Windows Management Instrumentation (T1047).

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

Ready to upskill? Get started