Readme_en.md

All Resource Collection Projects

Persistence

• Resources About Persistence, Multiple Platforms

Directory

• Windows -> (8)Tools (42)Post
• Linux -> (1)Tools (3)Post
• macOS -> (10)Post
• Android -> (2)Tools (3)Post
• iOS -> (2)Tools (1)Post
• Recent Add
  • (67) Tools
  • (212) Post
  • (23) Post-pentestlab
  • (54) Post-Malware
  • (3) Post-hackingarticles

Windows

---

Tools

• [336Star][4m] [C#] fireeye/sharpersist Windows persistence toolkit
• [107Star][12m] [PS] r4wd3r/rid-hijacking Windows RID Hijacking persistence technique
• [98Star][5y] [PS] enigma0x3/invoke-altdsbackdoor obtain persistence on a Windows 7+ machine under both Standard and Administrative accounts by using two Alternate Data Streams
• [66Star][3y] [Py] darkquasar/wmi_persistence A repo to hold some scripts pertaining WMI (Windows implementation of WBEM) forensics
• [60Star][2m] [Go] giuliocomi/backoori Tool aided persistence via Windows URI schemes abuse
• [17Star][8m] [Go] mthbernardes/badarchitect Abusing SketchUp to make persistence on Windows
• [6Star][4m] [C] 1captainnemo1/persistentcreverseshell A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.
• [5Star][4m] [C++] rtcrowley/offensive-netsh-helper Maintain Windows Persistence with an evil Netshell Helper DLL

---

Post

• 2020.04 [hackingarticles] Windows Persistence using Netsh
• 2020.04 [hackingarticles] Windows Persistence using Bits Job
• 2020.04 [hackingarticles] Windows Persistence using WinLogon
• 2020.01 [hackingarticles] Windows Persistence using Application Shimming
• 2020.01 [hackingarticles] Multiple Ways to Persistence on Windows 10 with Metasploit
• 2020.01 [pentestlab] Persistence – WMI Event Subscription
• 2019.10 [secjuice] Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence
• 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ENG]
• 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ESP]
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 3 – WMI Event Subscription
• 2019.05 [remoteawesomethoughts] Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
• 2019.03 [hackingarticles] Windows Persistence with PowerShell Empire
• 2019.01 [fuzzysecurity] Windows Userland Persistence Fundamentals
• 2018.10 [countercept] Abusing Windows Library Files for Persistence
• 2018.10 [countercept] Abusing Windows Library Files for Persistence
• 2018.09 [oddvar] Persistence using Universal Windows Platform apps (APPX)
• 2018.08 [swordshield] Sticking Around: Common Windows Malware Persistence Mechanisms
• 2018.07 [BSidesTLV] Abusing WMI Providers For Persistence - Philip Tsukerman
• 2018.05 [pentestingexperts] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
• 2018.04 [infosecinstitute] Advance Persistent Threat - Lateral Movement Detection in Windows Infrastructure - Part II
• 2018.03 [infosecinstitute] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
• 2017.01 [inspired] WMI Persistence with Cobalt Strike
• 2016.07 [JackkTutorials] How to make a persistent backdoor (Metasploit / Kali Linux)
• 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ESP]
• 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ENG]
• 2016.04 [sans] Windows Command Line Persistence?
• 2016.04 [windowsir] Cool Stuff, re: WMI Persistence
• 2016.03 [quarkslab] Windows Filtering Platform: Persistent state under the hood
• 2015.09 [blackmoreops] Create Kali Bootable Installer USB Drive in Windows 10 (Kali Bootable Non-Persistence USB Drive)
• 2013.09 [cylance] Windows Registry Persistence, Part 2: The Run Keys and Search-Order
• 2013.08 [cylance] Windows Registry Persistence, Part 1: Introduction, Attack Phases and Windows Services
• 2012.11 [sans] Case Leads: DFIR Lessons from Sandy; The Advanced Persistent Intruder; The Secure Breach; Windows8 Forensics; South Carolina Tax Info Protected by "TWO FIREWALLS"

Linux

---

Tools

• [433Star][4m] [Shell] d4rk007/redghost Linux post exploitation framework written in bash designed to assist red teams in persistence, reconnaissance, privilege escalation and leaving no trace.

---

Post

macOS

---

Post

• 2019.11 [CodeColorist] Two macOS persistence tricks abusing plugins
• 2019.03 [specterops] Folder Actions for Persistence on macOS
• 2019.03 [blacksunhackers] macOS Persistence via iTerm
• 2018.03 [mac4n6] OMG, Seriously? - APFS Encrypted Plaintext Password found in ANOTHER (More Persistent!) macOS Log File
• 2018.01 [xorrior] Leveraging Emond on macOS For Persistence
• 2018.01 [xorrior] Leveraging Emond on macOS For Persistence

Android

---

Tools

• [33Star][12m] [Kotlin] cesarferreira/seguro Secure persistence using AES+CBC encryption on Android with no dependencies.
• [31Star][6m] [Kotlin] irontec/android-room-example Android Kotlin app showcasing the Room persistence library

---

Post

• 2015.02 [checkpoint] Clever and Persistent Android Banking Trojan Discovered | Check Point Software Blog

iOS

---

Tools

• [199Star][6m] [Swift] lucas34/swiftqueue Job Scheduler for IOS with Concurrent run, failure/retry, persistence, repeat, delay and more
• [138Star][7m] [Swift] justeat/justpersist JustPersist is the easiest and safest way to do persistence on iOS with Core Data support out of the box. It also allows you to migrate to any other persistence framework with minimal effort.

---

Post

Recent Add

---

Tools

• [1742Star][5m] [Py] rootm0s/winpwnage UAC bypass, Elevate, Persistence and Execution methods
• [986Star][26d] [Py] synack/knockknock displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
• [983Star][3y] [C] cybellum/doubleagent Zero-Day Code Injection and Persistence Technique
• [792Star][17d] [C] pmem/pmdk a collection of libraries and tools for System Administrators and Application Developers to simplify managing and accessing persistent memory devices
• [538Star][4y] [PS] enigma0x3/generate-macro This Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
• [347Star][1m] [TeX] plailect/keyshuffling Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
• [310Star][22d] [Py] shaypal5/cachier Persistent, stale-free, local and cross-machine caching for Python functions.
• [266Star][2y] [C++] ewhitehats/invisiblepersistence Persisting in the Windows registry "invisibly"
• [220Star][5y] [PS] jseidl/babadook Connection-less Powershell Persistent and Resilient Backdoor
• [215Star][10m] [PS] harmj0y/damp The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
• [194Star][10m] [Ruby] sfeley/candy Transparent persistence for MongoDB
• [192Star][2m] [Py] scrapy/queuelib Collection of persistent (disk-based) queues
• [162Star][3y] miserlou/mackenzie AWS Lambda Infection Toolkit // Persistent Lambda Malware PoC
• [152Star][1y] [ObjC] objective-see/reikey Malware and other applications may install persistent keyboard "event taps" to intercept your keystrokes. ReiKey can scan, detect, and monitor for such taps!
• [150Star][20d] [Py] checkymander/imessagesbackdoor A script to help set up an event handler in order to install a persistent backdoor that can be activated by sending a message.
• [141Star][6m] [C++] hasherezade/iat_patcher Persistent IAT hooking application - based on bearparser
• [126Star][2y] zonksec/persistence-aggressor-script initial commit
• [124Star][4m] [PS] p0w3rsh3ll/autoruns help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
• [111Star][4m] [Go] schollz/linkcrawler Cross-platform persistent and distributed web crawler
• [105Star][3y] [Py] n00py/norknork Powershell Empire Persistence finder
• [99Star][2y] [PS] testingpens/malwarepersistencescripts A collection of scripts I've written to help red and blue teams with malware persistence techniques.
• [95Star][23d] [Batchfile] huntresslabs/evading-autoruns 几种用于逃避常见的驻留枚举工具的技术（Evading Autoruns，Derbycon 2017）
• [94Star][22d] [C++] hasherezade/persistence_demos Demos of various (also non standard) persistence methods used by malware
• [91Star][4m] 0xthirteen/staykit Cobalt Strike kit for Persistence
• [73Star][4m] [Py] s1egesystems/ghostdelivery .vbs script to deliver payload with persistence.
• [70Star][16d] [C#] mdsecactivebreach/wmipersistence WMI Event Subscription Persistence in C#
• [69Star][4m] [C++] tobozo/esp32-blecollector ᛡᛒ BLE Scanner + Data persistence on SD Card for M5Stack, Odroid-Go, ESP32-Wrover-Kit and other models
• [66Star][30d] yeti-791/apt-guide APT学习指南（Advanced persistent threat learning Guide）
• [64Star][5y] [PS] enigma0x3/outlookpersistence
• [64Star][1m] [Py] n00py/post-ex Post-exploitation scripts for OS X persistence and privesc
• [61Star][1m] 3gstudent/bitsadminexec 利用bitsadmin 实现驻留，以及自动运行
• [61Star][1y] [JS] dxa4481/xssoauthpersistence Maintaining account persistence via XSS and Oauth
• [58Star][4y] [PS] killswitch-gui/persistence-survivability Powershell Persistence Locator
• [49Star][1m] [Go] schollz/crawdad Cross-platform persistent and distributed web crawler
• [40Star][3y] [PS] n0pe-sled/wmi-persistence
• [39Star][22d] [C] pmem/valgrind Enhanced Valgrind for Persistent Memory
• [38Star][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilties.
• [35Star][2y] [PS] 3gstudent/office-persistence Use powershell to test Office-based persistence methods
• [34Star][3y] [PS] 3gstudent/waitfor-persistence Use Waitfor.exe to maintain persistence
• [33Star][3m] tom4t0/cobalt-strike-persistence cobalt strike 自启动脚本
• [30Star][3y] [PS] 3gstudent/com-object-hijacking use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)
• [30Star][10m] [PHP] echo-devim/xbackdoor A tool for the persistent XSS exploitation with a focus for mobile web browsers
• [29Star][20d] [PHP] n1215/lara-todo-persistence LaravelとEloquentの永続化パターンサンプル
• [29Star][7m] [PS] ahhh/wifi_trojans A collection of wireless based bind and reverse connect shells for penetration testers to use in demonstrating persistence to a network via rouge access points.
• [29Star][4m] [Py] rikvanduijn/wmi-persistence
• [27Star][5m] [Py] threatresponse/mad-king Proof of Concept Zappa Based AWS Persistence and Attack Platform
• [25Star][2y] [Py] catalyst256/netscaler-cookie-decryptor Python application to decrypt Netscaler Load Balancer Persistence Cookies
• [21Star][4m] [Shell] rustybird/qubes-split-browser Tor Browser in a Qubes DisposableVM, with persistent bookmarks and login credentials
• [20Star][26d] karneades/malware-persistence Collection of malware persistence and hunting information. Be a persistent persistence hunter!
• [19Star][5y] [Visual Basic .NET] enigma0x3/old-powershell-payload-excel-delivery This version touches disk for registry persistence.
• [15Star][2y] [Py] nullarray/shellware Persistent bind shell via pythonic shellcode execution, and registry tampering.
• [14Star][6m] [HTML] abzcoding/aptdetector Advanced Persistent Threat Detection Using Network Analysis
• [14Star][19d] [C] windriver-opensourcelabs/cryptfs-tpm2 Store and restore a persistent passphrase with TPM 2.0
• [8Star][4m] [PS] bspence7337/invoke-wmipersist A powershell script to create WMI Event subscription persistence
• [7Star][1y] [Java] tryan18/xcom Cross-referencing network communication for detecting Advanced Persistent Threat (APT) malware
• [4Star][2y] pradeepjairamani/typo3-xss-poc Typo3 -v9.1.0 Persistent Cross Site Scripting(XSS) Assigned CVE Number: CVE-2018-6905
• [3Star][4y] [JS] tobypinder/ludumdare32 [Merged into /tobypinder] Apt - Advanced Persistent Threat
• [2Star][2y] [Py] aroradhruv03/apthreatdetectionsys Advanced Persistent Threat /Intrusion Detection Sys
• [2Star][9m] [Py] azmatt/cerebro Keyword Persistent Monitor
• [2Star][3y] [JS] adrienjoly/persistent-harmony A wrapper class to create persistent javascript objects, relying on harmony proxies.
• [1Star][1y] harsh2602/apt-detection-via-graph-analytics This is a public repo for the Graph Analytics project done for the Advanced and Persistent Threats (CS 594-III) during Spring Semester for 2016
• [1Star][1y] security-breachlock/cve-2018-16639 Non-Persistent XSS in Typesetter CMS
• [1Star][2y] [PS] subesp0x10/wmi-persistence
• [0Star][1y] security-breachlock/cve-2018-16623 XSS Persistent in Kirby CMS
• [0Star][1y] security-breachlock/cve-2018-16632 Persistent Cross site Scripting in Mezzanine
• [0Star][1y] security-breachlock/cve-2018-17301 Non-persistent XSS in EspoCRM
• [NoneStar][ObjC] objective-see/blockblock BlockBlock provides continual protection by monitoring persistence locations.

---

Post

• 2020.03 [thegreenplace] Implementing Raft: Part 3 - Persistence and Optimizations
• 2020.01 [BlackHat] Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence
• 2019.10 [HackersOnBoard] Black Hat USA 2016 Account Jumping Post Infection Persistency & Lateral Movement in AWS
• 2019.09 [myonlinesecurity] Some changes to Remcos Rat persistence method
• 2019.09 [netspi] Maintaining Azure Persistence via Automation Accounts
• 2019.09 [Bank] Automated host recon, persistence and exfiltration
• 2019.09 [trendmicro] Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
• 2019.08 [contextis] Common Language Runtime Hook for Persistence
• 2019.08 [trendmicro] Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response
• 2019.08 [stealthbits] Detecting Persistence through Active Directory Extended Rights
• 2019.08 [trendmicro] LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
• 2019.07 [HackerSploit] Pivoting And Persistence With Armitage
• 2019.07 [two06] Persistence with KeePass -Part 2
• 2019.06 [two06] Persistence with KeePass - Part 1
• 2019.06 [HackmanitGmbH] RuhrSec 2019: "Don't Trust The Locals: Exploiting Persistent ...", Marius Steffens & Dr. Ben Stock
• 2019.06 [X13Cubed] Detecting Persistence in Memory
• 2019.06 [stealthbits] Domain Persistence with Subauthentication Packages
• 2019.06 [0x00sec] Achieving Persistent Access to Burp Collaborator Sessions
• 2019.06 [JosephDelgadillo] Learn System Hacking E18: Persistence Module
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 2 – COM Hijacking
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 1 – Microsoft Office
• 2019.04 [NDSSSymposium] NDSS 2019 Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation
• 2019.02 [netspi] Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence
• 2019.02 [hosakacorp] systemd user persistence in metasploit
• 2019.02 [robtlee73] Leveraging Data Science to Discover Persistent Threats - SANS Threat Hunting Summit 2018
• 2019.01 [lukeberner] How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram…
• 2019.01 [arxiv] [1901.00620] A Secure and Persistent Memory System for Non-volatile Memory
• 2019.01 [sans] Examples of Recent APT Persistence Mechanisms
• 2019.01 [sans] Detecting Persistence with the Kansa PowerShell Framework
• 2019.01 [sans] Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threat
• 2018.12 [crowdstrike] Adversary Extends Persistence by Modifying System Binaries
• 2018.12 [windowsir] Hunting and Persistence
• 2018.11 [andreafortuna] Process Injection and Persistence using Application Shimming
• 2018.10 [auth0] Credential Stuffing is a Persistent Threat to Your Users
• 2018.10 [xorrior] Persistent Credential Theft with Authorization Plugins
• 2018.10 [hexacorn] How to find new persistence tricks?
• 2018.10 [defensivedepth] Osquery Cheat Sheet – Process Interrogation & Persistence Techniques
• 2018.10 [hexacorn] Lateral Movement and Persistence: tactics vs techniques
• 2018.10 [MSbluehat] BlueHat v18 || Killsuit the equation group's swiss army knife for persistence, evasion, and data exfil
• 2018.10 [ACoD] Philo Track 1/30/18 12 Universal Persistent Bugs, Paul Vixie
• 2018.09 [sophos] The persistent nuisance of cryptomining looks set to grow
• 2018.09 [bwtech789] Outlook Today Homepage Persistence
• 2018.08 [X13Cubed] Persistence Mechanisms
• 2018.07 [trendmicro] The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
• 2018.07 [syspanda] Threat Hunting: Finding Persistence Mechanisms
• 2018.07 [obscuritylabs] Cross-Platform VPN Persistence(and phishing!) with Viscosity
• 2018.06 [redcanary] Behind the Scenes of an Active Breach (Part 1): Establishing Persistence
• 2018.05 [secjuice] My Journey Into Infosec : Persistence, persistence and yet more persistence.
• 2018.05 [ironcastle] Adding Persistence Via Scheduled Tasks, (Mon, May 7th)
• 2018.05 [sans] Adding Persistence Via Scheduled Tasks
• 2018.04 [oddvar] Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe
• 2018.03 [deepsec] Advanced and In-Depth Persistent Defence
• 2018.03 [bohops] DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction
• 2018.03 [rastamouse] A View of Persistence
• 2018.03 [oddvar] Persistence using RunOnceEx – Hidden from Autoruns.exe
• 2018.03 [virusbulletin] VB2017 paper: The life story of an IPT - Inept Persistent Threat actor
• 2018.03 [misteralfa] [Facebook][ F5 BIG-IP ] PERSISTENCE COOKIE INFORMATION LEAKAGE
• 2018.03 [bohops] Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2)
• 2018.03 [stealthbits] Creating Persistence with DCShadow
• 2018.02 [bohops] Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence
• 2018.02 [bohops] Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction
• 2018.02 [nextplatform] Momentum Gathers for Persistent Memory Preppers
• 2018.02 [vimeo] Introduction to INNUENDO's New Persistence Framework
• 2018.01 [stealthbits] Gain System Access and Persistence with SQL Native Attacks – SQL Attacks
• 2018.01 [f5] Cookies, Sessions, and Persistence
• 2017.12 [paloaltonetworks] Abusing the Service Control Manager to Establish Persistence for Non-Service App
• 2017.12 [securestate] Quick Reference: Empire Persistence Modules
• 2017.11 [countercept] Hunting for Junction Folder Persistence
• 2017.11 [malwarebytes] Persistent drive-by cryptomining coming to a browser near you
• 2017.11 [countercept] Hunting for Junction Folder Persistence
• 2017.10 [digitalforensicstips] Persistent Monitoring on a Budget
• 2017.10 [stealthbits] Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks
• 2017.09 [harmj0y] An ACE in the Hole - Stealthy Host Persistence via Security Descriptors
• 2017.09 [nats] Guest Post: Use cases for persistent logs with NATS Streaming
• 2017.07 [activecanopy] May QBot Persistence and Attack Details
• 2017.07 [paloaltonetworks] TwoFace Webshell: Persistent Access Point for Lateral
• 2017.07 [virusbulletin] Advanced and inept persistent threats to be discussed at VB2017
• 2017.06 [stealthbits] Persistence using AdminSDHolder and SDProp
• 2017.06 [blacksunhackers] Leveraging Application Verifier for Function Hooking and Persistence
• 2017.05 [trustedsec] Episode 2.7 Tavis breaks the Internet, Executive Orders, Diskless Persistence Methods, and more!
• 2017.05 [fireeye] To SDB, Or Not To SDB: FIN7 Leveraging Shim Databases for Persistence
• 2017.05 [binarydefense] PowerShell Injection with Fileless Payload Persistence and Bypass Techniques
• 2017.04 [mwrinfosecurity] Add-In Opportunities for Office Persistence
• 2017.03 [puri] Yet Another EFI/UEFI Exploit, this one Utilizing NVRAM and Persistent Storage
• 2017.03 [DemmSec] Guide to Pentesting - Episode 18 - Persistence
• 2017.02 [auth0] Serverless REST API with Angular, Persistence and Security
• 2017.01 [adsecurity] Sneaky Persistence Active Directory Trick #18: Dropping SPNs on Admin Accounts for Later Kerberoasting
• 2016.11 [vkremez] Netcat Shell and Persistence
• 2016.10 [n00py] Using email for persistence on OS X
• 2016.10 [Cooper] Hack.lu 2016 badGPO - Using GPOs for Persistence and Lateral Movement
• 2016.09 [endgame] How to Hunt: Detecting Persistence & Evasion with the COM
• 2016.09 [deepsec] DeepSec2016 Talk: badGPO – Using GPOs for Persistence and Lateral Movement – Yves Kraft & Immanuel Willi
• 2016.08 [blacksunhackers] Post Exploitation Persistence With Application Shims (Intro)
• 2016.08 [radware] Dry Lighting Cracks against the Cloud: The Rise of the Advanced Persistent DoS (APDoS)
• 2016.08 [netspi] Establishing Registry Persistence via SQL Server with PowerUpSQL
• 2016.07 [objective] Analyzing 'Mac File Opener' Persistence
• 2016.07 [paloaltonetworks] Technical Walkthrough: Office Test Persistence Method Used In Recent Sofac
• 2016.07 [malwarebytes] Untangling Kovter’s persistence methods
• 2016.07 [korznikov] RCE by abusing NAC to gain Domain Persistence.
• 2016.06 [sentinelone] Persistence Makes Perfect
• 2016.06 [k7computing] Interesting Persistence Technique
• 2016.06 [k7computing] Interesting Persistence Technique
• 2016.06 [imperva] Black Hat SEO attacks: Persistent Multi-Vector Attacks Prey on Thousands of Legitimate Websites
• 2016.05 [enigma0x3] Userland Persistence with Scheduled Tasks and COM Handler Hijacking
• 2016.05 [cybereason] Cybereason, SANS Webinar: The End of IOCs: A Case Study on Resolving Persistent Attacks Using Tactics, Techniques, and Procedures
• 2016.05 [cmu] Persistent Little IP, Aren't You?
• 2016.05 [room362] WPAD Persistence ·
• 2016.05 [zonksec] Persistence Aggressor Script
• 2016.04 [welivesecurity] Insider threats: A persistent and widespread problem
• 2016.04 [jerrygamblin] Persistent Reverse-SSH Tunnel on a RaspberryPi
• 2016.04 [nextplatform] Programming For Persistent Memory Takes Persistence
• 2016.04 [netspi] Maintaining Persistence via SQL Server – Part 2: Triggers
• 2016.03 [adsecurity] Sneaky Active Directory Persistence #17: Group Policy
• 2016.03 [adsecurity] Sneaky Active Directory Persistence #16: Computer Accounts & Domain Controller Silver Tickets
• 2016.03 [netspi] Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures
• 2016.02 [powershellempire] Nothing Lasts Forever: Persistence with Empire
• 2016.02 [checkpoint] HummingBad: A Persistent Mobile Chain Attack | Check Point Software Blog
• 2016.02 [cybereason] NSA: Hackers use persistence, not zero days, to breach companies
• 2016.01 [countercept] Effective Persistent Threats - Sophistication, Economics & Complexity
• 2016.01 [acolyer] Blurred Persistence: Efficient Transactions in Persistent Memory
• 2015.12 [arno0x0x] Configure Fail2Ban for permanent and persistent bans
• 2015.12 [rapid7] 12 Days of HaXmas: Advanced Persistent Printer
• 2015.11 [malwarejake] Kerberos silver tickets - unique attacker persistence
• 2015.10 [room362] DotNet's DNVM For Persistence On Developer Machines ·
• 2015.10 [cybereason] A New Persistent Attack Methodology Targeting Microsoft OWA
• 2015.09 [cybertriage] Maximizing Your Non-Persistent Agent’s Effectiveness
• 2015.08 [cybertriage] Do You Need Persistent Agents to Fight Persistent Threats?
• 2015.07 [shellntel] Using PowerShell & Unicorn to Get Persistence
• 2015.04 [paragonie] Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)
• 2015.02 [virusbulletin] VB2014 paper: Caphaw - the advanced persistent pluginer
• 2015.01 [insinuator] The Persistent Problem of State in IPv6 (Security)
• 2014.11 [begriffs] Type-Safe DB Access with Persistent
• 2014.10 [firebitsbr] Setar variável persistente do $GOPATH no Fedora 20
• 2014.10 [enigma0x3] Persistence using Microsoft Outlook
• 2014.10 [knapsy] Persistence VM Writeup
• 2014.09 [leonjza] From Persistence
• 2014.09 [room362] OSX Persistence via PHP Webshell ·
• 2014.09 [sans] Odd Persistent Password Bruteforcing
• 2014.09 [kaspersky] A solution for small businesses’ persistent IT security issues
• 2014.07 [securityintelligence] Citadel’s New Trick: Persistent Device Remote Control
• 2014.07 [malwarebytes] PUPS are Persistent
• 2014.06 [bluescreenofjeff] Semi-Persistence
• 2014.06 [trendmicro] Best security practices for preventing advanced persistent attacks
• 2014.05 [offensive] Kali Encrypted USB Persistence
• 2013.12 [welivesecurity] Did you say "Advanced" Persistent Threats?
• 2013.08 [wordfence] Got a persistent scraper? Here’s how to deal with them, permanently!
• 2013.07 [windowsir] HowTo: Detecting Persistence Mechanisms
• 2013.05 [firebitsbr] Exploit Python – F5 BIG-IP Cookie Persistence
• 2012.10 [trendmicro] PE_XPAJ: Persistent File Infector
• 2012.08 [privacy] Shaping Tomorrow’s Security Today 4: Advanced Persistent Protection
• 2011.10 [krebsonsecurity] Chasing APT: Persistence Pays Off
• 2011.09 [trendmicro] The Persistent Threat of Fake AV
• 2011.08 [securityinnovation] Use Named Queries with Java Persistence API (JPA)
• 2011.05 [krebsonsecurity] Advanced Persistent Tweets: Zero-Day in 140 Characters
• 2010.12 [immunityinc] Aleatory Persistent Threat
• 2010.10 [sans] Digital Forensics: Persistence Registry keys
• 2010.09 [depthsecurity] Super-Persistent Cookies - evercookie JavaScript API
• 2010.08 [trendmicro] The Persistence of FAKEAV
• 2010.08 [immunityinc] Aleatory Persistent Threat
• 2010.04 [rapid7] Persistent Meterpreter over Reverse HTTPS
• 2005.02 [sans] More CA BrightStor ARCserve Backup... Is your IDS/IPS Dead?... And Persistent Netcat Listener with While Loop
• 2003.04 [imperialviolet] Persistence

---

Post-pentestlab

• 2020.05 [pentestlab] Persistence – COM Hijacking
• 2020.03 [pentestlab] Persistence – DLL Hijacking
• 2020.02 [pentestlab] Persistence – RID Hijacking
• 2020.02 [pentestlab] Persistence – WaitFor
• 2020.01 [pentestlab] Persistence – Modify Existing Service
• 2020.01 [pentestlab] Persistence – Winlogon Helper DLL
• 2020.01 [pentestlab] Persistence – Image File Execution Options Injection
• 2020.01 [pentestlab] Persistence – AppInit DLLs
• 2020.01 [pentestlab] Persistence – Change Default File Association
• 2019.12 [pentestlab] Persistence – Application Shimming
• 2019.12 [pentestlab] Persistence – Office Application Startup
• 2019.11 [pentestlab] Persistence – Accessibility Features
• 2019.11 [pentestlab] Persistence – PowerShell Profile
• 2019.11 [pentestlab] Persistence – Scheduled Tasks
• 2019.10 [pentestlab] Persistence – BITS Jobs
• 2019.10 [pentestlab] Persistence – Netsh Helper DLL
• 2019.10 [pentestlab] Persistence – Port Monitors
• 2019.10 [pentestlab] Persistence – Time Providers
• 2019.10 [pentestlab] Persistence – Security Support Provider
• 2019.10 [pentestlab] Persistence – Screensaver
• 2019.10 [pentestlab] Persistence – Shortcut Modification
• 2019.10 [pentestlab] Persistence – New Service
• 2019.10 [pentestlab] Persistence – Registry Run Keys

---

Post-Malware

• 2020.01 [fortinet] Using a Security-Driven Network to Address Persistent IoT Botnets
• 2019.11 [flashpoint] Threat Actors Demonstrate Persistent Interest in ATM Malware
• 2019.09 [trendmicro] Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
• 2019.08 [sentinelone] Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities
• 2019.05 [proofpoint] New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
• 2019.05 [sans] Finding Registry Malware Persistence with RECmd
• 2019.04 [sans] Offline Autoruns Revisited - Auditing Malware Persistence
• 2019.01 [ColinHardy] Using WhatsApp for Malware Persistence
• 2018.10 [arxiv] [1810.07321] Malware triage for early identification of Advanced Persistent Threat activities
• 2018.07 [sucuri] Persistent Malicious Redirect Variants
• 2018.06 [az4n6] Malicious PowerShell in the Registry: Persistence
• 2018.05 [lastline] Web Security for Advanced Malware and Persistent Threats – Revisited
• 2018.05 [virusbulletin] Hide'n'Seek IoT botnet adds persistence
• 2018.05 [secplicity] The Hide ‘N Seek IoT Botnet Just Unlocked a New Achievement: Persistence
• 2018.05 [bitdefender] Hide and Seek IoT Botnet resurfaces with new tricks, persistence
• 2018.03 [vkremez] Let's Learn: Internals of Iranian-Based Threat Group "Chafer" Malware: Autoit and PowerShell Persistence
• 2018.03 [lastline] The Persistent Threat of Account and Identity Theft Malware
• 2018.01 [cylance] Threat Spotlight: Kovter Malware Fileless Persistence Mechanism
• 2018.01 [hyperiongray] Malicious Excel DDE Execution with ML AV Bypass and Persistence
• 2017.10 [vmray] Persistent Emotet Malware with a Crafty Social Engineering Technique
• 2017.10 [vmray] Persistent Emotet Malware with a Crafty Social Engineering Technique
• 2017.10 [angelalonso] Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
• 2017.09 [vkremez] Let's Learn: Reversing Trickbot Banking Trojan's New "WormShare" Persistence Module
• 2017.08 [vmray] Poweliks Malware – Filelessly Persistent
• 2017.07 [trustedsec] Episode 2.8 – NSA and Exploit Tools, Petya, Russia, and Ransomware, systemd, Deathstar, and Office persistence methods
• 2017.05 [hshrzd] Hijacking extensions handlers as a malware persistence method
• 2017.05 [tarlogic] Persistence in WordPress using backdoors in SQL
• 2016.11 [vkremez] Post Exploitation: Persistence and Backdoor
• 2016.06 [esentire] Malware and Advanced Persistent Threats - How Long is Too Long to go Undetected?
• 2016.04 [cybrary] S3SS10N Wednesday – Malware Persistence 101
• 2016.03 [airbuscybersecurity] Fileless Malware – A Behavioural Analysis Of Kovter Persistence
• 2015.09 [wroot] Babadook: Connection-less Powershell Persistent and Resilient “Backdoor”
• 2015.06 [f5] Slave Malware Analysis: Evolving from IBAN Swaps to Persistent Webinjects
• 2015.06 [securelist] The Duqu 2.0 persistence module
• 2015.06 [openanalysis] Malware Persistence: HKEY_CURRENT_USER Shell Extension Handlers
• 2015.05 [jumpespjump] Many ways of malware persistence (that you were always afraid to ask)
• 2014.10 [virusbulletin] Paper: Invading the core: iWorm's infection vector and persistence mechanism
• 2014.10 [virusbulletin] VB2014 paper: Methods of malware persistence on Mac OS X
• 2014.10 [f5] Tinba Malware: Domain Generation Algorithm Means New, Improved, and Persistent
• 2014.08 [virusbulletin] VB2014 preview: Methods of malware persistence on Mac OS X
• 2014.07 [securityintelligence] Bootkits: Deep Dive Into Persistence Mechanisms Used by Bootkits at HOPE X Conference
• 2014.01 [igorkorkin] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 4
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 3
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 2
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
• 2012.09 [trendmicro] Advanced Persistent Response Thwarts Malicious Digital Insider
• 2012.06 [mcafee] Combating Malware and Advanced Persistent Threats
• 2012.03 [pentestlab] Metasploit Persistent Backdoor
• 2004.09 [sans] System Store Trojan, Infection Persistence, Save the Pr0n

---

Post-hackingarticles

• 2020.05 [hackingarticles] Persistence: Accessibility Features
• 2020.04 [hackingarticles] Domain Persistence: Golden Ticket Attack
• 2020.04 [hackingarticles] Persistence: RID Hijacking

Contribute

Contents auto exported by Our System, please raise Issue if you have any question.