PersistenceSniper

1.13.0

This module tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the module didn't find anything the machine is clean.

Minimum PowerShell version

5.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name PersistenceSniper -RequiredVersion 1.13.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name PersistenceSniper -Version 1.13.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

Federico @last0x00 Lagrasta

Copyright

Commons Clause

Package Details

Owners

Tags

Windows Registry Persistence Detection Blue Purple Red Team Incident Response DFIR IR Forensics AMSI Powershell

Functions

Find-AllPersistence

Dependencies

This module has no dependencies.

Release Notes

This release implements detection for RID hijacking and the Suborner technique. It also fixes a module-wide bug regarding string comparisons (see issue #19).

FileList

Version History

Version Downloads Last updated
1.15.1 1,580 2/15/2024
1.15.0 3,768 1/9/2024
1.14.0 1,035 11/4/2023
1.13.0 (current version) 166 10/5/2023
1.12.1 385 8/12/2023
1.12.0 297 5/22/2023
1.11.0 86 5/5/2023
1.10.1 17 5/4/2023
1.9.3 62 4/16/2023
1.9.2 194 2/22/2023
1.9.1 124 1/29/2023
1.8.0 121 12/16/2022
1.7.1 93 10/17/2022
1.7.0 204 9/7/2022
1.6.0 262 9/6/2022
1.5.0 28 8/31/2022
1.4.0 90 8/15/2022
1.3.2 54 8/9/2022
1.3.1 20 8/8/2022
1.3 13 8/8/2022
1.2 12 8/8/2022
1.0 170 8/4/2022
0.9 22 8/3/2022
Show more