The repository tries to gather information about Windows persistence mechanisms to make protection and detection more efficient. Most of this information has been well known for years and is actively used in various scenarios.
Expect more. I am doing my best to add new entries each day.
How it works. And how to contribute.
👨‍💼 HKCU Run and RunOnce registry keys
👨‍💼 β Task Scheduler
β Image File Execution Options key
β Windows Services
β Natural Language Development Platform 6 DLLs *
β Filter Handlers for Windows Search
👨‍💼 .chm helper DLL *
β AMSI Providers
👨‍💼 HKCU cmd.exe AutoRun
β LSA Extension
β Winlogon Notification Package
β Print Monitor
👨‍💼 HKCU Load
β Windows Platform Binary Table
👨‍💼 Windows Terminal Profile
👨‍💼 Startup Folder
👨‍💼 User Init Mpr Logon Script *
β Autodial DLL *
👨‍💼 PowerShell Profiles
👨‍💼 TS Initial Program
β IFilter
Recycle Bin COM Extension Handler *
Monitoring Silent Process Exit
β Desired State Configuration
👨‍💼 Screen Saver
👨‍💼 File Extension Hijacking
👨‍💼 Keyboard Shortcut *
Want more? Check the list tomorrow. :)
* Based on research by @Hexacorn - one of the best persistence hunters.
β It is enough to turn computer on to make the code run.
👨‍💼 End-user can do it.