Notes on Payload Persistence
In the previous chapter I discussed, albeit briefly, the idea of persistence (that is, the payload being able to survive reboots). There are numerous ways to do this, and now that we're dealing with multiple operating systems the problem multiplies. The method described in Chapter 1 will work but it's not very stealthy. Now that you're upping your game, it seems like a good time to revisit the concept with some better suggestions.
Microsoft Windows
There are plenty of ways to autostart code in Windows that go beyond the obvious and the most common:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft included several keys that were originally intended only for testing but which never got removed; you can execute code from there in the same way:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
or
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
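For reviewing the keys listed above on a host, the following added example (not code from the book) parses reg export text and reports every Run value plus any Image File Execution Options subkey that carries a Debugger value, under both the native and the Wow6432Node paths. The Debugger value name is not on the page; it is the IFEO value that autostart auditing tools report. The sample export and the names audit and unescape are constructed for illustration.

```python
import re

# Constructed sample in "reg export" text format; not taken from a real host.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example.exe]
"MitigationOptions"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample-tool.exe]
"Debugger"="C:\\Users\\Public\\placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample32.exe]
"Debugger"="C:\\Users\\Public\\placeholder32.exe"
'''

RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Substring shared by the native and the Wow6432Node IFEO paths.
IFEO_MARKER = r"\windows nt\currentversion\image file execution options" + "\\"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(text):
    # Undo .reg string escaping: a backslash protects the next character.
    return re.sub(r"\\(.)", r"\1", text)

def audit(export_text):
    """Return (kind, key_or_image, value_name, data) tuples worth reviewing."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = None if line.startswith("[-") else line[1:-1]  # "[-" marks a deletion
            continue
        match = VALUE_RE.match(line)
        if not (key and match):
            continue
        name, data = unescape(match.group(1)), match.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])  # string value; hex/dword data is kept raw
        lower = key.lower()
        if lower.endswith(RUN_SUFFIX):
            findings.append(("run-entry", key, name, data))
        elif IFEO_MARKER in lower and name.lower() == "debugger":
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], name, data))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_EXPORT), sep="\n")
```

On a live system the input is the file written by reg export for each key, which is UTF-16 encoded and must be decoded before it is passed to audit.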
When using the Registry...