After gaining a SYSTEM-level shell on a fully patched Windows 10 host, you need to add a covert persistence mechanism that automatically starts your payload at every reboot yet will not show up in the Services console or typical Run/Startup registry locations. Which technique is most appropriate for this requirement?
Add the payload path to the HKLM\Software\Microsoft\Windows\CurrentVersion\Run registry key
Use schtasks /create /sc onstart to schedule a hidden SYSTEM task
Create a permanent WMI event subscription that triggers the payload at system start
Register a new auto-start service with the command sc create
A permanent Windows Management Instrumentation (WMI) event subscription can be created that listens for system-start events, such as Win32_ComputerStartupEvent or a __InstanceModificationEvent on Win32_OperatingSystem, and then launches the attacker's payload. Because the trigger and command are stored inside the WMI repository, nothing new appears in the Services snap-in, Task Scheduler GUI, or common Run keys, making the backdoor difficult to spot with standard administrative tools.
Registering an auto-start service with sc create or adding an entry under HKLM…\Run will indeed survive reboots, but both are easily listed by system utilities and many monitoring tools. Creating a scheduled task with schtasks /create /sc onstart also produces an item visible in Task Scheduler and in Autoruns. Only the WMI permanent event subscription meets all stated goals of persistence, automatic start, and relative stealth in typical service and startup listings.
Certified Ethical Hacker (CEH)
System Hacking Phases and Attack Techniques