Persistence
Techniques attackers use to maintain access to a compromised system across reboots and credential changes.
Full Definition
In the context of cyberattacks, persistence refers to the techniques threat actors use to maintain a foothold in a compromised environment even after system reboots, credential changes, or partial remediation efforts. It is a critical phase in the MITRE ATT&CK framework and a key indicator that an attacker intends extended access rather than a quick smash-and-grab.

Common persistence mechanisms include scheduled tasks, registry run keys, startup folder modifications, service installation, web shells on servers, and the modification of boot or logon scripts. Advanced actors may implant firmware-level backdoors or exploit legitimate software update mechanisms for near-permanent access.

Detecting persistence requires comprehensive endpoint monitoring, integrity checking of system files and configurations, and behavioral analytics. Finding and eliminating all persistence mechanisms is one of the most critical, and often underestimated, steps in incident response.
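The integrity-checking idea above, as an added example that is not part of the original page: compare a known-good inventory of autostart entries with a later one and report what was added, modified, or removed. The `Entry` fields, the mechanism labels, and all sample entries are constructed for illustration; a real inventory would come from an endpoint collection tool.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    mechanism: str  # assumed labels: run_key, scheduled_task, service, ...
    location: str   # registry key, task folder, or similar
    name: str
    command: str    # what the entry launches

    @property
    def key(self):
        # Registry and task names are case-insensitive on Windows.
        return (self.mechanism, self.location.lower(), self.name.lower())

def diff_inventory(baseline, current):
    """Return sorted (change, mechanism, name, command) findings."""
    base = {e.key: e for e in baseline}
    cur = {e.key: e for e in current}
    findings = []
    for k, e in cur.items():
        if k not in base:
            findings.append(("added", e.mechanism, e.name, e.command))
        elif base[k].command != e.command:
            findings.append(("modified", e.mechanism, e.name, e.command))
    for k, e in base.items():
        if k not in cur:  # a vanished entry (e.g. a security agent) also matters
            findings.append(("removed", e.mechanism, e.name, e.command))
    return sorted(findings)

# Constructed sample inventories (not real telemetry).
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BASELINE = [
    Entry("run_key", RUN, "ExampleAgent", r"C:\Program Files\Example\agent.exe"),
    Entry("service", "SCM", "ExampleSvc", r"C:\Program Files\Example\svc.exe"),
    Entry("scheduled_task", r"\Example", "NightlyBackup", r"C:\Program Files\Example\backup.exe"),
]
CURRENT = [
    Entry("run_key", RUN.upper(), "ExampleAgent", r"C:\Program Files\Example\agent.exe"),
    Entry("service", "SCM", "ExampleSvc", r"C:\ProgramData\Example\svc.exe"),
    Entry("scheduled_task", r"\Example", "Updater", r"C:\Users\Public\updater.exe"),
]

if __name__ == "__main__":
    for finding in diff_inventory(BASELINE, CURRENT):
        print(*finding, sep=" | ")
```

Each finding is a lead for review rather than a verdict, since legitimate software installs and updates also change autostart entries.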
Related Terms
Lateral Movement
Techniques used by attackers to progressively move through a network after initial compromise.
Attack Types
Privilege Escalation
Gaining higher levels of access than originally authorized within a system or network.
Attack Types
Malware
Any software intentionally designed to cause harm, disrupt, or gain unauthorized access to systems.
Malware & Infrastructure
Advanced Persistent Threat (APT)
A prolonged, targeted cyberattack by a sophisticated, often state-sponsored threat actor.
Threat Actors