PersistenceSniper

Hunt persistences implanted in Windows machines.

PersistenceSniper is a PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. It is also available on the PowerShell Gallery and is digitally signed with a valid code signing certificate.

The following is a quick list of PersistenceSniper's features:
- Monolithic PowerShell module: all the code is in just one file
- Easily extensible: every persistence detection has its own standalone function
- Digitally signed with a valid code signing certificate
- Natively supports PowerShell remoting so that it can be run on multiple remote machines without having to upload the module to each of them and without leaving privileged credentials on said machines
- Supports whitelists with which you can filter out known false positives and highlight only the bad stuff
- Compatible with the Velociraptor DFIR framework