Persistence is access that survives system reboots. Common mechanisms: registry run keys, scheduled tasks, Windows services, DLL hijacking, WMI subscriptions, SSH authorized_keys, cron jobs.
After initial compromise, establishing persistence is the attacker's first priority. Detection: Autoruns (Sysinternals) shows all Windows persistence points. Monitor for new/modified scheduled tasks, services, and registry run keys. EDR behavioral alerts fire on suspicious persistence establishment.
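
The monitoring described above, sketched as an added example (not part of the original page): it classifies Windows event records for new or modified scheduled tasks, services, and registry run keys, then drops objects found in a known-good baseline. The event IDs and field names are the standard Windows and Sysmon ones; the hosts, object names, baseline, and the `ev` helper are constructed for illustration.

```python
import re

# Run / RunOnce value paths as Sysmon reports them in TargetObject.
RUN_KEY = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion"
    r"\\run(?:once)?\\(?P<value>[^\\]+)$", re.IGNORECASE)

# (log channel, event ID) -> (persistence type, field naming the object)
WATCHED = {
    ("Security", 4698): ("scheduled task created", "TaskName"),
    ("Security", 4702): ("scheduled task updated", "TaskName"),
    ("Security", 4697): ("service installed", "ServiceName"),
    ("System", 7045): ("service installed", "ServiceName"),
}
SYSMON = "Microsoft-Windows-Sysmon/Operational"

def classify(event):
    """Return (kind, object_name) for a persistence change, else None."""
    key = (event["channel"], event["id"])
    if key in WATCHED:
        kind, field = WATCHED[key]
        return kind, event["data"].get(field, "<unknown>")
    if key == (SYSMON, 13):  # Sysmon RegistryEvent (Value Set)
        m = RUN_KEY.search(event["data"].get("TargetObject", ""))
        if m:
            return "registry run key set", m.group("value")
    return None

def findings(events, baseline):
    """Classify events; suppress objects listed in the known-good baseline."""
    known = {name.lower() for name in baseline}
    hits = ((e["host"], classify(e)) for e in events)
    return [(h, *c) for h, c in hits if c and c[1].lower() not in known]

def ev(host, channel, eid, **data):  # hypothetical helper to build records
    return {"host": host, "channel": channel, "id": eid, "data": data}

# Constructed sample events (not taken from a real host).
HKLM = "HKLM\\SOFTWARE\\"
SAMPLE = [
    ev("WS01", "Security", 4698, TaskName=r"\UpdaterTask"),
    ev("WS01", "Security", 4702, TaskName=r"\Microsoft\Windows\Defrag\ScheduledDefrag"),
    ev("SRV02", "System", 7045, ServiceName="remotesvc"),
    ev("WS01", SYSMON, 13, TargetObject=r"HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
    ev("WS01", SYSMON, 13, TargetObject=HKLM + r"WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\helper"),
    ev("WS01", SYSMON, 13, TargetObject=HKLM + r"Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a"),
    ev("WS01", "Security", 4624, TargetUserName="alice"),
]
BASELINE = {r"\Microsoft\Windows\Defrag\ScheduledDefrag", "OneDrive"}
```

Matching the baseline on object name alone is a simplification made for this example; a production baseline would also pin the binary path or hash, since a persistence entry can reuse a trusted name.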