PersistenceSniper

Persistence detector

A tool for detecting and identifying persistent malware techniques in Windows machines using PowerShell

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

GitHub

2k stars
42 watching
185 forks
Language: PowerShell
last commit: 5 months ago
Linked from 1 awesome list

incident-responsemalware-detectionpersistencepowershellpowershell-modulepowershell-scriptregistrytechniqueswindows

Backlinks from these awesome lists:

Related projects:

Repository Description Stars
joeavanzato/trawler A PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts by scanning for various persistence techniques. 308
zonksec/persistence-aggressor-script A PowerShell script designed to evade detection by persisting on a compromised system through multiple evasion techniques 172
theflakes/reg_hunter A tool for triaging and hunting Windows persistence mechanisms, providing forensic insights into system activity. 142
threatexpress/persistence-aggressor-script A tool for creating and managing persistent malware components that can operate in multiple listener scenarios, including local and foreign listeners. 42
ntraiseharderror/kaiser Toolset providing fileless persistence and anti-forensic capabilities for Windows 7 86
aegrah/panix A highly customizable Linux persistence tool for simulating and researching Linux persistence mechanisms 416
karneades/malware-persistence A collection of information on malware persistence mechanisms and techniques. 165
cyborgsecurity/poisonapple A command-line tool for simulating and demonstrating persistence techniques on macOS systems. 221
ewhitehats/invisiblepersistence A Windows registry persistence mechanism that operates stealthily 338
0xthirteen/staykit A persistence kit for Cobalt Strike using a custom .NET assembly and leveraging various Windows techniques to maintain access after initial access is lost. 466
hasherezade/persistence_demos Demonstrates various persistence methods used by malware 219
objective-see/blockblock Provides continual protection by monitoring persistence locations across multiple platforms 642
netspi/pesecurity A PowerShell module to analyze Windows binary files for various security features and compilation settings. 626
teknasyon-teknoloji/persistencekit A library providing a simple way to store and retrieve Codable objects in various persistence layers 155
d4stiny/peacemaker A Windows kernel-mode utility designed to detect and analyze advanced malware techniques. 417