Windows persistence techniques #16791

Open
1 of 26 tasks
bcoles opened this issue Jul 19, 2022 · 0 comments
Labels
suggestion-module New module suggestions

bcoles commented Jul 19, 2022

A thread to track adding persistence techniques from the persistence-info project.

The repository tries to gather information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information has been well known for years, being actively used within various scenarios.

  • HKCU Run and RunOnce registry keys - modules/post/windows/manage/persistence_exe.rb
  • Task Scheduler
  • Image File Execution Options key
  • Windows Services
  • AeDebug
  • WER Debugger
  • Natural Language Development Platform 6 DLLs
  • GPO Client-side Extension
  • Filter Handlers for Windows Search
  • Disk Cleanup Handler
  • .chm helper DLL
  • hhctrl.ocx
  • AMSI Providers
  • ServerLevelPluginDll
  • Password Filter
  • Credential Manager DLL
  • Authentication Packages
  • Code Signing DLL
  • HKCU cmd.exe AutoRun
  • LSA Extension
  • Winlogon Notification Package
  • Print Monitor
  • HKCU Load
  • MPNotify
  • Windows Platform Binary Table
  • Explorer tools