Persistence is the attacker’s best friend - and the defender’s recurring nightmare. Even when malware is removed, or a compromised account is reset, persistence mechanisms let intruders remain in control, waiting for the next opportunity.
In this session, Paula draws on extensive incident response experience to reveal how attackers achieve persistence across endpoints, Active Directory, and cloud environments. Through practical demonstrations, she will show how subtle misconfigurations, overlooked monitoring gaps, and creative abuse of legitimate features create long-term footholds for attackers. Additionally, Paula will demonstrate the latest discoveries in Automatic Destinations and USN journal to create full transparency of hacker's actions.
- Inspiration
