Expanded

Persistence with Impacket

Maintaining foothold of compromised servers is a key step during a red team engagement. In this course, you will learn persistence using Impacket.
Course info
Level
Intermediate
Updated
Sep 15, 2021
Duration
20m
Table of contents
Description
Course info
Level
Intermediate
Updated
Sep 15, 2021
Duration
20m
Your 10-day individual free trial includes:

Expanded library

This course and over 7,000+ additional courses from our full course library.

Hands-on library

Practice and apply knowledge faster in real-world scenarios with projects and interactive courses.
*Available on Premium only
Description

In a red team engagement, after getting access to servers, it is important that you create persistence in your targets. In this way, you can access the servers at anytime, even if the original point of entry is patched. In this course, Persistence with Impacket, you’ll learn how to utilize the Impacket framework to maintain foothold in a red team environment. First, you’ll explore the basics of persistence and how to install the Impacket framework. Next, you'll discover how to use Impacket to create persistence via WMI event triggers. Finally, you’ll learn how to harvest hashes so you can use the accounts to access the environment later. When you’re finished with this course, you’ll have the skills and knowledge of Impacket needed to execute these techniques: Event Triggered Execution (T1546), Valid Accounts (T1078) and Windows Management Instrumentation (T1047).

About the author
About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author
Privilege Escalation with SharpUp
Intermediate
17m
Oct 25, 2021
Discovery with Seatbelt
Intermediate
20m
Oct 6, 2021
More courses by Ricardo Reimao
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey there. Welcome to the course, Persistence with Impacket. In this Cybersecurity Tools course, you'll learn how to create persistence in compromised servers using the Impacket library. So, imagine you're working on a red team engagement. After getting initial access to a server, you need to maintain a foothold on the server so you can access it at any time you want, even if the initial vulnerability is patched. And one of the main ways of doing that is using Impacket to create hidden tasks in the system. In this course, we cover the Impacket framework, which allows you to perform several attacks, including creating WMI events and triggers to automate tasks. We start this course by discussing how you can leverage Impacket to create persistence. Then, in our first demo, you'll learn how to use Impacket and the WMI protocol to execute a file in a remote server. After that, in our main demo, you'll learn how to deploy a hidden reverse shell using Impacket, and this reverse shell would be useful for you to access the server at any time you want. And in our last demo, you'll learn how to use Impacket to harvest hash credentials, which can be useful to log into the servers later if you need. So, whether you're trying to establish persistence in a red team engagement or just testing the detection capabilities of your own company, join me in learning how to create persistence with Impacket, here at Pluralsight.