Nytro
Posted September 30, 2022

The repository tries to gather information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information has been well known for years, being actively used within various scenarios.

Expect more. I am doing my best to add new entries each day.

How it works. And how to contribute.

👨💼 HKCU Run and RunOnce registry keys
👨💼 ⚙ Task Scheduler
⚙ Image File Execution Options key
⚙ Windows Services
AeDebug
WER Debugger *
⚙ Natural Language Development Platform 6 DLLs *
⚙ GPO Client-side Extension
⚙ Filter Handlers for Windows Search
Disk Cleanup Handler
👨💼 .chm helper DLL *
hhctrl.ocx *
⚙ AMSI Providers
⚙ ServerLevelPluginDll
Password Filter
Credential Manager DLL
⚙ Authentication Packages
Code Signing DLL
👨💼 HKCU cmd.exe AutoRun
⚙ LSA Extension
⚙ Winlogon Notification Package
⚙ Print Monitor
👨💼 HKCU Load
MPNotify
⚙ Windows Platform Binary Table
Explorer tools *
👨💼 Windows Terminal Profile
👨💼 Startup Folder
👨💼 User Init Mpr Logon Script *
⚙ Autodial DLL *
.NET Startup Hooks
👨💼 PowerShell Profiles
👨💼 TS Initial Program

Want more? Check the list tomorrow.

* Based on research by @Hexacorn - one of the best persistence hunters.
⚙ It is enough to turn the computer on to make the code run.
👨💼 An end user can do it.

Source: https://persistence-info.github.io/