PersistenceSniper
Persistence detector
Automated detection of malicious persistence techniques in Windows machines.
Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
2k stars
42 watching
189 forks
Language: PowerShell
last commit: about 1 month ago
Linked from 1 awesome list
incident-responsemalware-detectionpersistencepowershellpowershell-modulepowershell-scriptregistrytechniqueswindows
Related projects:
| Repository | Description | Stars |
|---|---|---|
 joeavanzato/trawler | A PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts by scanning for various persistence techniques. | 310 |
 zonksec/persistence-aggressor-script | A PowerShell script designed to evade detection by persisting on a compromised system through multiple evasion techniques | 173 |
 theflakes/reg_hunter | A tool for triaging and hunting Windows persistence mechanisms, providing forensic insights into system activity. | 143 |
 threatexpress/persistence-aggressor-script | A tool for creating and managing persistent malware components that can operate in multiple listener scenarios, including local and foreign listeners. | 42 |
 ntraiseharderror/kaiser | Toolset providing fileless persistence and anti-forensic capabilities for Windows 7 | 87 |
 aegrah/panix | A modular Linux persistence framework providing various techniques to achieve persistent access on Linux systems | 465 |
 karneades/malware-persistence | A collection of information on malware persistence mechanisms and techniques. | 165 |
 cyborgsecurity/poisonapple | A command-line tool for simulating and demonstrating persistence techniques on macOS systems. | 221 |
 ewhitehats/invisiblepersistence | A Windows registry persistence mechanism that operates stealthily | 339 |
 0xthirteen/staykit | A persistence kit for Cobalt Strike using a custom .NET assembly and leveraging various Windows techniques to maintain access after initial access is lost. | 468 |
 hasherezade/persistence_demos | Demonstrates various persistence methods used by malware | 219 |
 objective-see/blockblock | Provides continual protection by monitoring persistence locations across multiple platforms | 650 |
 netspi/pesecurity | A PowerShell module to analyze Windows binary files for various security features and compilation settings. | 626 |
 teknasyon-teknoloji/persistencekit | A library providing a simple way to store and retrieve Codable objects in various persistence layers | 154 |
 d4stiny/peacemaker | A Windows kernel-mode utility designed to detect and analyze advanced malware techniques. | 417 |