Read as
Last updated: April 29, 2026
MITRE ATT&CK lists 30+ persistence techniques. The 10 most-used cover 80% of real-world cases.
MITRE ATT&CK lists 30+ persistence techniques. The 10 most-used cover 80% of real-world cases.
Top techniques
- Run keys — HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run
- Services — create new service or hijack existing
- Scheduled tasks — schtasks; survives reboot
- WMI event subscription — fires on conditions
- COM hijacking — replace InProcServer32 entries
- Office Test path — DLLs loaded by Office at startup
- Image File Execution Options — debugger key for any program
- Logon scripts — GPO-based
- BITS jobs — long-running background transfers with command callbacks
- AppInit DLLs — loaded into every user-mode process (less common, well-detected)
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants