Stealthy Persistence in Enterprise Environments - Alexander Andersson - Security Fest 2026

Stayin' Alive: Stealthy Persistence in Enterprise Environments

You've successfully compromised your target. How do you maintain access in the face of reboots, crashes, credential resets, and active remediation? In this presentation, we take a deep dive into stealthy persistence techniques that go far beyond the basic Windows services, run keys, and cron jobs. We explore the latest attacker tradecraft that abuses trusted components and blends into normal enterprise operations.

The talk covers persistence techniques derived from novel research and techniques observed in the wild from my work as a Principal Forensic Consultant. These techniques evade modern detection/AV/NDR/EDR and, more importantly, are difficult for forensic investigators to identify and eradicate. We also examine how to exploit the limitations in modern forensic tooling and common DFIR workflows. Finally, the presentation distills these findings into practical attacker tradecraft for maintaining covert, resilient access in enterprise networks.

This talk explores persistence, focusing on what actually works in real-world intrusions versus techniques that only look impressive. Using a mix of real-world cases and novel research, the presentation highlights both common mistakes and solid persistence mechanisms. The talk will feature multiple live demos.

The talk content is based on (1) my experience leading hundreds of complex investigations as a Principal Forensic Consultant, (2) learnings from years of developing proprietary forensic tooling, and (3) an extensive review of persistence techniques and the limitations of current forensic tooling.

Alexander Andersson

Alexander is a Principal Forensic Consultant at Truesec. Alexander has a background in red teaming and software development. Today, he spends most of his time providing incident response services to companies that have suffered from an attack. He has led hundreds of complex investigations into everything from full-scale ransomware attacks to zero-day exploits and APT campaigns. Whenever not in an active incident, Alexander spends time in research and development with a focus on both novel forensic techniques and offensive vulnerability research.

Security Fest is an inspiring and unique IT security conference held in Gothenburg, Sweden. The event is an excellent opportunity to learn more about IT security, and a great way to connect with both the renowned international speakers, and the other attendees.
