1
00:00:00,750 --> 00:00:05,970
‫So up to now, we've learned how to exploit the systems and compromise them successfully.

2
00:00:06,480 --> 00:00:07,350
‫What's up next?

3
00:00:07,860 --> 00:00:09,810
‫It's time to collect the fruits.

4
00:00:11,930 --> 00:00:16,430
‫Maintaining access is a very important phase of penetration testing.

5
00:00:17,430 --> 00:00:21,330
‫Unfortunately, it's one that often is overlooked.

6
00:00:21,870 --> 00:00:26,790
‫Most penetrations kind of get all carried away whenever the administrative access is obtained.

7
00:00:27,180 --> 00:00:31,500
‫So if the system is later patched, then they no longer have access to it.

8
00:00:32,750 --> 00:00:38,570
‫Persistence helps us access a system we have successfully compromised in the past.

9
00:00:40,470 --> 00:00:48,270
‫Now, it is important to note that they may be out of scope during a penetration test, but being familiar

10
00:00:48,270 --> 00:00:50,910
‫with them is of paramount importance.

11
00:00:52,500 --> 00:00:57,570
‫So these are a few of the methods of being persistent on the system that you compromised.

12
00:00:59,140 --> 00:01:05,560
‫Installation of a back door that requires authentication, installation and or modification of services

13
00:01:05,560 --> 00:01:14,290
‫to connect back to the system user and complex passwords should be used as a minimum use of certificates

14
00:01:14,290 --> 00:01:17,290
‫or cryptographic keys is preferred wherever possible.

15
00:01:18,310 --> 00:01:22,180
‫Reverse connections limited to a single IP may also be used.

16
00:01:23,440 --> 00:01:27,760
‫Also, creation of alternate accounts with complex passwords.