Using the Beacon on an already-controlled perimeter machine to run various live-host discovery probes against the target machine's network

Summary of what this section covers:

  Live-host detection based on conventional TCP/UDP port scanning

  ICMP-based live-host probing of the network

  ARP-based live-host probing of the network

  Live-host probing by loading various external scripts

 

Basic environment description:

  WebServer-IIS7: assumed to be the target's perimeter Windows web server; public IP: 192.168.3.101, internal IP: 192.168.4.2

  kaliMaster: assumed to be our own public VPS machine [also where the CobaltStrike team server is located]; public IP: 192.168.3.219

  Strike: assumed to be a Linux machine inside our own local network; local IP: 192.168.126.136

 

Provisional :)

Origin www.cnblogs.com/ssw6/p/12090913.html