A penetration tester has gained initial access to a Windows server and wants to ensure they maintain persistent access to the compromised system. Which of the following methods BEST achieves this goal while minimizing the chances of detection?
Installing a well-known Trojan to maintain a backdoor
Creating a scheduled task to execute a reverse shell script periodically
Upgrading a restrictive shell to an unrestricted shell
Running a daemon process that listens for incoming connections
Scheduled tasks are a common method used by attackers to maintain persistence on a system. They can be easily set up to execute payloads or malicious scripts at specific times or intervals and are often overlooked during system audits and monitoring, making them less likely to be detected compared to more obvious methods like Trojans or backdoors that can trigger antivirus or intrusion detection systems. Other options like daemons and Trojans are more detectable due to the artifacts they leave and their common signatures. Upgrading a restrictive shell doesn't directly contribute to persistence
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a scheduled task and how is it used in penetration testing?
Open an interactive chat with Bash
What are some common attributes of Trojans that make them detectable?
Open an interactive chat with Bash
What is a reverse shell and how does it relate to maintaining access?