Persistence is one of the most critical stages of an attack lifecycle. Once inside, adversaries rely on persistence techniques to maintain access, survive reboots, and quietly operate without triggering traditional defenses. Detecting these behaviors requires hunters to recognize patterns that blend into normal system activity and understand the underlying objectives behind them. This Level 2 workshop is designed for practitioners who want to go beyond the fundamentals and strengthen their ability to uncover persistence in real-world environments.
You’ll investigate how adversaries use registry run keys, scheduled tasks, services, startup folders, and WMI to establish footholds that remain undetected. With support from threat intelligence and realistic telemetry, you’ll apply structured hunting methods to expose these techniques and refine your ability to connect behaviors back to adversary goals. This interactive session will challenge your approach, test your process, and leave you better equipped to identify persistence when others miss it.
What to Expect:
While this session builds on the foundation established in our Level 1 Persistence workshop, completing that training is not required. If you’d like to revisit the Level 1 version, you can find it here: Level 1 Persistence Workshop.
Lee Archinal
Senior Threat Hunt Analyst, Intel 471
Lee is a U.S. Army veteran. While enlisted, he worked as a network administrator in diverse conditions. Since leaving the military, he has specialized in threat hunting and incident response. At Intel 471, Lee is responsible for developing cutting-edge hunting and detection content for the HUNTER platform.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.