PersistenceSniper
1.11.0
This module tries to enumerate all the persistence methods implanted on a compromised machine. New techniques may take some time before they are implemented in this script, so don't assume that because the module didn't find anything the machine is clean.
Minimum PowerShell version
5.0
Installation Options
Owners
Copyright
Commons Clause
Package Details
Author(s)
- Federico @last0x00 Lagrasta
Tags
Windows Registry Persistence Detection Blue Purple Red Team Incident Response DFIR IR Forensics AMSI Powershell
Functions
Dependencies
This module has no dependencies.
Release Notes
This release fixes a bug in the CmdAutoRun detection and also implements detection for RunEx registry keys, RunOnceEx registry keys, and .NET startup hooks.
FileList
- PersistenceSniper.nuspec
- PersistenceSniper.psm1
- PersistenceSniper.psd1
Version History
Version | Downloads | Last updated |
---|---|---|
1.17.1 | 1,094 | 12/11/2024 |
1.17.0 | 24 | 12/11/2024 |
1.16.3 | 1,606 | 12/3/2024 |
1.16.1 | 23,749 | 6/30/2024 |
1.16.0 | 9,089 | 3/31/2024 |
1.15.1 | 3,987 | 2/15/2024 |
1.15.0 | 3,771 | 1/9/2024 |
1.14.0 | 1,039 | 11/4/2023 |
1.13.0 | 169 | 10/5/2023 |
1.12.1 | 388 | 8/12/2023 |
1.12.0 | 300 | 5/22/2023 |
1.11.0 (current version) | 89 | 5/5/2023 |
1.10.1 | 20 | 5/4/2023 |
1.9.3 | 65 | 4/16/2023 |
1.9.2 | 197 | 2/22/2023 |
1.9.1 | 127 | 1/29/2023 |
1.8.0 | 124 | 12/16/2022 |
1.7.1 | 96 | 10/17/2022 |
1.7.0 | 207 | 9/7/2022 |
1.6.0 | 265 | 9/6/2022 |
1.5.0 | 31 | 8/31/2022 |
1.4.0 | 93 | 8/15/2022 |
1.3.2 | 57 | 8/9/2022 |
1.3.1 | 23 | 8/8/2022 |
1.3 | 16 | 8/8/2022 |
1.2 | 15 | 8/8/2022 |
1.0 | 181 | 8/4/2022 |
0.9 | 25 | 8/3/2022 |