Awesome Malware Persistence

A curated list of awesome malware persistence tools and resources.

Malware persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

This is an extract containing only the links to tools and resources from the main article about malware persistence.

Contents

Techniques

Persistence techniques and detection.

Persistence Removal

Tools and commands for removing persistence mechanisms. Besides the tools listed below, the standard OS commands (deleting the dropped file, the cron entry, the service or the registry value) are usually enough to remove a persistence mechanism once you know where it lives.

General

Windows

Detection Testing

Tools for testing detections. Alternatively, use the techniques described in the Techniques section to create the persistence files or apply the configuration changes by hand, then confirm that your detections fire on them.

Prevention

Tools for preventing malicious persistence.

macOS

Collection

Tools for persistence collection.

General

Linux

No Linux-specific persistence collection tool is listed here yet. Use the tools under General or standard OS commands to collect the usual Linux persistence locations (cron, systemd units, init scripts, shell profiles, ld.so.preload, SSH authorized_keys). Links to Linux-specific persistence collection tools are welcome as contributions.
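The three Linux tasks this page leaves to standard OS commands (collecting persistence artifacts, planting a benign artifact to test a detection under Detection Testing, and removing it again under Persistence Removal) fit in one small POSIX sh helper. This is an added example written for this page, not code from the list or from any tool it links. Assumptions: the ROOT parameter (use "/" for a live host, or a mounted image or scratch directory for offline work), the lists of checked locations (common ones, not an exhaustive catalogue), and the name of the test cron.d entry.

```shell
#!/bin/sh
# Added example: persistence collection, benign test artifact, and removal
# for Linux using only standard OS commands. ROOT, the location lists and
# the test artifact name are assumptions made for this example.

SYS_FILES="etc/ld.so.preload etc/rc.local etc/crontab etc/profile etc/bash.bashrc"
SYS_DIRS="etc/cron.d etc/cron.hourly etc/cron.daily etc/cron.weekly etc/cron.monthly \
etc/systemd/system etc/init.d etc/profile.d var/spool/cron var/spool/cron/crontabs"
USER_FILES=".bashrc .bash_profile .profile .zshrc .ssh/authorized_keys .ssh/rc"
USER_DIRS=".config/autostart .config/systemd/user"
TEST_CRON="etc/cron.d/persistence-detection-test"   # assumed name of the test artifact

# _emit CATEGORY PATH: print "<category>\t<path>\t<sha256>" for one file,
# so two collection runs can be diffed and a changed file shows up.
_emit() {
    if command -v sha256sum >/dev/null 2>&1; then
        sum=$(sha256sum "$2" | cut -d' ' -f1)
    else
        sum=$(shasum -a 256 "$2" | cut -d' ' -f1)   # macOS fallback
    fi
    printf '%s\t%s\t%s\n' "$1" "$2" "$sum"
}

# collect_persistence ROOT: one line per non-empty regular file found in the
# system-wide and per-user autostart locations listed above.
collect_persistence() {
    root="${1:-/}"; root="${root%/}"
    for f in $SYS_FILES; do
        if [ -s "$root/$f" ]; then _emit system "$root/$f"; fi
    done
    for d in $SYS_DIRS; do
        if [ -d "$root/$d" ]; then
            find "$root/$d" -type f -size +0 2>/dev/null | while read -r p; do
                _emit system "$p"
            done
        fi
    done
    for home in "$root/root" "$root"/home/*; do
        [ -d "$home" ] || continue
        for f in $USER_FILES; do
            if [ -s "$home/$f" ]; then _emit user "$home/$f"; fi
        done
        for d in $USER_DIRS; do
            if [ -d "$home/$d" ]; then
                find "$home/$d" -type f -size +0 2>/dev/null | while read -r p; do
                    _emit user "$p"
                done
            fi
        done
    done
    return 0
}

# plant_test_cron ROOT: drop a harmless cron.d entry (runs /bin/true every
# minute) that a "new file in /etc/cron.d" detection should alert on.
# With ROOT=/ this is a real scheduled job on the host: remove it afterwards.
plant_test_cron() {
    root="${1%/}"
    mkdir -p "$root/etc/cron.d"
    printf '* * * * * root /bin/true\n' > "$root/$TEST_CRON"
}

# remove_test_cron ROOT: undo plant_test_cron. Returns 1 if the file was not
# there, so a cleanup step that silently did nothing is noticed.
remove_test_cron() {
    root="${1%/}"
    [ -f "$root/$TEST_CRON" ] || return 1
    rm -f "$root/$TEST_CRON"
}
```

Run `collect_persistence /` once as a baseline, save the output, and diff later runs against it; a new line under etc/cron.d, a changed hash on ld.so.preload or a new authorized_keys entry is exactly the kind of change a persistence detection should surface. Because every function takes ROOT, the same script can be pointed at a mounted disk image during forensics without touching the analysis host.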

macOS

Windows

Contributing

Contributions welcome! Read the contribution guidelines first.