#PersistenceSniper version 1.13.0 is out! In this release, along with some minor bugfixes, 2 new detections have been implemented: RID hijacking and the Suborner attack. Check it 👇 github.com/last-byte/Pers…

Finally, #PersistenceSniper gets a clear and complete Wiki for the project! It details how to deploy and use it, as well as some more "complex" usage examples and a detailed list of all the available detections with explanations. Check it here 👇 github.com/last-byte/Pers…

#PersistenceSniper version 1.14.0 is out. This release implements a detection for the Directory Services Restore Mode (DSRM) backdoor that attackers can deploy on Domain Controllers. github.com/last-byte/Pers…

PersistenceSniper. PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines, by last github.com/last-byte/Pers…

#PersistenceSniper version 1.15.0 is out! This release implements the detection for the GhostTask technique. Check it out! github.com/last-byte/Pers…

#PersistenceSniper has been downloaded almost 5500 times since it was released a bit more than a year ago! It looks like the project has been well received by the community so far 🦾

#PersistenceSniper version 1.15.1 is out! This release fixes a bug which would prevent certain persistences from showing up due to Powershell not being listed as a LOLBin in the LOLBas project, as pointed out by Strassi. Update right away! github.com/last-byte/Pers…

If you don't run PersistenceSniper as part of your threat hunting program, you're missing out on some really handy tooling. If you have a clean baseline, you can get just the diffs which can be very valuable intel. github.com/last-byte/Pers…

We surpassed 10’000 downloads 🎉

#PersistenceSniper v1.16.0 is out! This release implements detections for the Boot Verification Program Hijacking and AppInit DLLs Injection techniques. Check the details at github.com/last-byte/Pers…

TIL: You can use undocumented CRYPT_STRING_BASE64URI flag in CryptBinaryToString() to make your Base64 string safe for URLs and filenames as defined in Section 5. of RFC4648.

Version 1.16.1 of #PersistenceSniper has been released. It fixes a bug in the fuction responsible of checking for the GhostTask technique which prevented its detection in certain situations. github.com/last-byte/Pers…

Version 1.16.3 of #PersistenceSniper is out. This includes a couple of bug fixes regarding the LSA Notify Package detections and the usage of the tool remotely. Make sure to update! Check it out at github.com/last-byte/Pers…

Version 1.17.0 of #PersistenceSniper has just been uploaded on #Github and #PowershellGallery. This release sports 4 new detections, bringing the total number of detections to 60 🕵️

Lightining fast, version 1.17.1 is already up and running both on #Github and #PowershellGallery, with enhanced detections for the techniques implemented in version 1.17.0. Thanks to sixtyvividtails for the support and for pointing out how to further improve the tool!