Advanced Persistent Tortellini (@aptortellini)'s Twitter Profile
Advanced Persistent Tortellini

@aptortellini

Collective of Italian cyber operators. We code, hack, and publish offensive research. Tweets do not represent the views of any pasta manufacturers.

ID: 1347915617463054336

Link: https://aptw.tf/about

Date: 09-01-2021 14:38:39

92 Tweets

871 Followers

13 Following

PersistenceSniper (@persistsniper)

PersistenceSniper v1.12.1 is out! This one releases a fix for a bug which prevented the detection of the hijacking of Utilman.exe as a persistence technique. github.com/last-byte/Pers…

PersistenceSniper (@persistsniper)

Hello there! This is PersistenceSniper’s Twitter (X) account. Here you will get alerts whenever a new version of the tool comes out and also tips on how to use it!

PersistenceSniper (@persistsniper)

#PersistenceSniper version 1.13.0 is out! In this release, along with some minor bugfixes, 2 new detections have been implemented: RID hijacking and the Suborner attack. Check it 👇 github.com/last-byte/Pers…

PersistenceSniper (@persistsniper)

Finally, #PersistenceSniper gets a clear and complete Wiki for the project! It details how to deploy and use it, as well as some more "complex" usage examples and a detailed list of all the available detections with explanations. Check it here 👇 github.com/last-byte/Pers…

PersistenceSniper (@persistsniper)

#PersistenceSniper version 1.14.0 is out. This release implements a detection for the Directory Services Restore Mode (DSRM) backdoor that attackers can deploy on Domain Controllers. github.com/last-byte/Pers…

Riccardo (@dottor_morte)

It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and Her0 hope that you had as much fun reading it as we had writing it. riccardoancarani.github.io/2023-11-07-att…

Her0 (@her0_it)

It's a bittersweet moment, but our series of "Attacking an EDR" has come to an end! Me and Riccardo hope that you had as much fun reading it as we had writing it. her0ness.github.io/2023-11-07-Att…

Mrsaighnal (@mrsaighnal)

My research project 'Google Calendar RAT' was cited by Google in their 'Q3 2023 Threat Horizons Report.' 
- Learn more and star on GitHub: github.com/MrSaighnal/GCR…
- Read the Google report (page 12): services.google.com/fh/files/blogs… 

#Google #GCR #Malware

Petar Jr. Pranic (@ipslav)

My first research and tool are finally out. If you want to deep dive into some CLR internals and understand how we can abuse it to blend in within its own logic, go check it out. Hope you'll enjoy the read. ipslav.github.io/2023-12-12-let…

PersistenceSniper (@persistsniper)

#PersistenceSniper version 1.15.0 is out! This release implements the detection for the GhostTask technique. Check it out! github.com/last-byte/Pers…

PersistenceSniper (@persistsniper)

#PersistenceSniper has been downloaded almost 5500 times since it was released a bit more than a year ago! It looks like the project has been well received by the community so far 🦾

PersistenceSniper (@persistsniper)

#PersistenceSniper v1.16.0 is out! This release implements detections for the Boot Verification Program Hijacking and AppInit DLLs Injection techniques. Check the details at github.com/last-byte/Pers…

PersistenceSniper (@persistsniper)

Version 1.16.3 of #PersistenceSniper is out. This includes a couple of bug fixes regarding the LSA Notify Package detections and the usage of the tool remotely. Make sure to update! Check it out at github.com/last-byte/Pers…