This module tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the module didn't find anything the machine is clean.

This script reviews the Registry Hive and identifies any scheduled tasks without SD (security descriptor) Value within the Task Key. We recommend that you perform analysis on these tasks as needed. The absence of SecurityDescriptor is a Defense Evasion and Persistence technique as these tasks will remain hidden from regular tasks queries results ex... More info