Persistence ensures that an attacker maintains access to the system in case they loose the connection, which could be caused by an administrator cleaning up the system or even if their connection drops for some reason.

Scheduled Jobs

An attacker will schedule a job, in case they loose the connection, to callback to their system to re-establish the connection. Many botnets rely on scheduled jobs, even using a secure SSL connection to do so. Using a secure connection makes the connection easy to conceal.

Scheduled Tasks

A task can be scheduled on a remote system to execute programs at system startup, or at other times. A program can be executed to gain SYSTEM privileges, to conduct remote Execution as part of Lateral Movement, scheduled basis for persistence, to run a process under the context of a specified account.

Daemons

A Daemon is a service that runs as a background process. An Daemon provides longer access than injected code and can even survive reboots.

Back Doors

An attacker installed a vulnerable service that allows them to access the system at a future time.

Trojan

Trojans are seemingly non-suspicious software that have malware, or a vulnerable service, attached. The victim does not know that the program is malicious and installed the software and thus installing the vulnerable application.

New User Creation

Attackers, once they have access to the system, can create a new user to allow them future access through that new user.