Windows Persistence Map v0.1

MITRE's ATT&CK framework describes persistence (TA0003) as follows: "The adversary is trying to maintain their foothold."

There are multiple ways to achieve persistence on a Microsoft Windows operating system. Pepe Berba has created a nice overview of Linux persistence techniques as a map, so I tried to do the same thing for Windows. This is version v0.1 of it:

Windows Persistence Map v0.1


 
 

Edge browser internal debug tools - example network traffic

The Microsoft Edge browser has some internal tools, listed at edge://edge-urls/

Example usage: net-export for debugging network traffic

  1. Open edge://net-export/
  2. Start & set file location (edge-net-export-log.json)
  3. Reproduce the issue in a new tab
  4. Stop recording
  5. The recording can be viewed via: https://netlog-viewer.appspot.com/#import
    → See Privacy: https://chromium.googlesource.com/catapult/+/master/netlog_viewer/
    "This app loads NetLog files generated by Chromium's chrome://net-export. Log data is processed and visualized entirely on the client side (your browser). Data is never uploaded to a remote endpoint."
  6. Select and load the file
  7. For example, Proxy/ProxyPAC Configuration: https://netlog-viewer.appspot.com/#proxy
  8. For example, detailed Event Timeline: https://netlog-viewer.appspot.com/#events
  9. For example, detailed DNS Events:
  10. Detailed Socket overview: https://netlog-viewer.appspot.com/#sockets
  11. Detailed HTTP/2 overview: https://netlog-viewer.appspot.com/#http2
  12. Detailed QUIC overview: https://netlog-viewer.appspot.com/#quic
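As an added example (not part of the original post), the recorded file can also be summarized locally, for instance to see which hosts and event types it contains before it is shared with someone else. The sketch assumes the Chromium NetLog layout (`constants.logEventTypes`, `events[].type`, `events[].params.url`); the function names and the sample data are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the assumed NetLog layout (not a real capture): numeric
# event types are resolved through constants.logEventTypes.
SAMPLE_LOG = json.dumps({
    "constants": {"logEventTypes": {"URL_REQUEST_START_JOB": 2, "SOCKET_ALIVE": 7}},
    "events": [
        {"type": 2, "phase": 1, "source": {"id": 10, "type": 1}, "time": "100",
         "params": {"method": "GET", "url": "https://intranet.example/login?next=/"}},
        {"type": 2, "phase": 1, "source": {"id": 11, "type": 1}, "time": "140",
         "params": {"method": "GET", "url": "https://cdn.example/app.js"}},
        {"type": 7, "phase": 1, "source": {"id": 12, "type": 5}, "time": "150"},
        {"type": 2, "phase": 1, "source": {"id": 13, "type": 1}, "time": "180",
         "params": {"method": "POST", "url": "https://intranet.example/api"}},
    ],
})


def summarize_netlog(text):
    """Return (events per type name, URL events per host) for a NetLog JSON string."""
    log = json.loads(text)
    # Invert name -> id so that each event's numeric type can be named.
    names = {num: name for name, num in log["constants"]["logEventTypes"].items()}
    by_type, by_host = Counter(), Counter()
    for event in log.get("events", []):
        by_type[names.get(event.get("type"), "UNKNOWN")] += 1
        # Not every event carries params; only some params carry a URL.
        url = (event.get("params") or {}).get("url")
        if isinstance(url, str):
            host = urlsplit(url).hostname
            if host:
                by_host[host] += 1
    return by_type, by_host


def load_netlog(path):
    """Summarize a file written by edge://net-export/ (path chosen in step 2)."""
    with open(path, encoding="utf-8") as handle:
        return summarize_netlog(handle.read())


if __name__ == "__main__":
    types, hosts = summarize_netlog(SAMPLE_LOG)
    for host, count in hosts.most_common():
        print(f"{count:4d}  {host}")
    for name, count in types.most_common():
        print(f"{count:4d}  {name}")
```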

Nextcloud v31 on Ubuntu 22.04 - update PHP v8.1 to v8.4

If you are running HanssonIT Nextcloud VM with Ubuntu 22.04 and your Nextcloud has version 31 and you want to update to version 32, you are ...