PersistenceHunter

This tool is an effort to automate checking many of the common registry and file-path locations associated with the Windows persistence mechanisms identified in the MITRE ATT&CK Matrix. It has been designed on the presumption that no foreign executables (e.g. Autoruns.exe) may be brought into the environment. It also assumes there is little to no historical data of value, so it provides a point-in-time analysis rather than a timeline.

Usage

PS> Import-Module ./PersistenceHunter.ps1

Covered Techniques

  • AppCert DLLs
  • AppInit DLLs
  • Application Shimming
  • Authentication Packages (LSA)
  • BITS Jobs
  • Chrome Extensions
  • Firefox Extensions
  • Hidden Files
  • Hidden Directories
  • Image File Execution Options
  • Logon Scripts
  • Scheduled Tasks
  • Security Support Providers
  • Services
  • SIP and Trust Provider Hijacking
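The following is an added example of the kind of point-in-time check the tool performs for four of the techniques above, written with built-in cmdlets only; it is not PersistenceHunter's own code, and the function name and output fields are this example's own. It assumes it is run from an elevated PowerShell session on the host being examined.

```powershell
# Added example (not PersistenceHunter's code): inspect a few registry locations
# that malware uses for persistence and emit one object per value worth review.
function Get-AutoloadFinding {
    # AppInit DLLs: any DLL listed here is loaded into every process that loads
    # user32.dll. The value is normally empty; LoadAppInit_DLLs=1 enables loading.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p -and $p.AppInit_DLLs) {
            [pscustomobject]@{ Technique = 'AppInit DLLs'; Path = $key; Name = 'AppInit_DLLs'
                               Value = $p.AppInit_DLLs; Note = "LoadAppInit_DLLs=$($p.LoadAppInit_DLLs)" }
        }
    }

    # AppCert DLLs: every value under this key names a DLL loaded into processes
    # that call CreateProcess. The key does not exist on a clean install.
    $appCert = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
    if (Test-Path -Path $appCert) {
        $props = Get-ItemProperty -Path $appCert
        foreach ($prop in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            [pscustomobject]@{ Technique = 'AppCert DLLs'; Path = $appCert; Name = $prop.Name
                               Value = $prop.Value; Note = 'key is normally absent' }
        }
    }

    # IFEO: a Debugger value under an image name redirects every launch of that
    # image to the listed binary. Legitimate debuggers are rare on production hosts.
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            [pscustomobject]@{ Technique = 'Image File Execution Options'; Path = $_.PSPath
                               Name = 'Debugger'; Value = $dbg; Note = 'confirm this debugger is intended' }
        }
    }

    # LSA authentication packages: msv1_0 is the stock entry; any other entry is a
    # DLL that LSASS loads at boot and hands credentials to.
    $lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $lsa = Get-ItemProperty -Path $lsaKey -ErrorAction SilentlyContinue
    foreach ($pkg in @($lsa.'Authentication Packages')) {
        if ($pkg -and $pkg -ne 'msv1_0') {
            [pscustomobject]@{ Technique = 'Authentication Packages (LSA)'; Path = $lsaKey
                               Name = 'Authentication Packages'; Value = $pkg; Note = 'not the default msv1_0' }
        }
    }
}

Get-AutoloadFinding | Format-Table -AutoSize
```

Because each finding is emitted as an object, the output can be piped to Export-Csv to snapshot a host and diffed against a later run or a known-good build.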

To-do

Some of these can't be checked with PowerShell alone:
  • Bootkits
  • Change Default File Association
  • Component Firmware
  • COM Hijacking
  • DLL Search Order Hijacking
  • External Remote Services
  • File System Permissions Weakness
  • Hooking
  • Hypervisor
  • LSASS Driver
  • Modifying Existing Service
  • Netsh Helper DLL
  • Office Application Startup
  • Path Interception
  • Port Monitors
  • PowerShell Profile
  • Redundant Access
  • Registry Run Keys / Startup Folder
  • Screensaver
  • Server Software Component
  • Service Registry Permissions Weakness
  • Shortcut Modification
  • System Firmware
  • Time Providers
  • Valid Accounts
  • Web Shell
  • Windows Management Instrumentation Event Subscription
  • Winlogon Helper DLL

Contributors

yaboygmoney, g-turley
