DanderSpirtz Persistence Methods
This content is still under construction
DanderSpritz has several tools built into get persistence for tools (such as keyloggers) and implants (such as PeddleCheap). In this page, we will cover the types of persistence capabilities that exist within the tool and how to leverage them.
Implant Persistence
Using the pc_prep command, the operator can begin persistently installing a configured PeddleCheap payload on the target machine. The PeddleCheap installer will prompt the operator for several pieces of information including:
- Should PeddleCheap listen or callback?
- Should PeddleCheap only listen or call back at specific times
- Should PeddheCheap use the standard listening or callback ports
- Which private / public keypair should be used for C&C communication
- Should PeddleCheap enable it’s “quick deletion” functionality
PeddleCheap persistence methods
AppCompat
WinSockHelper
KillSuit
KillSuit
KillSuit Persistence Methods
Driver
SolarTime (SOTI)
JustVisiting (JUVI)
DanderSpritz_docs is maintained by francisck.
This page was generated by GitHub Pages.