Awesome

所有收集类项目

Persistence

• 跟驻留/持久化有关的工具和文章，多平台。包括80个工具和350左右文章。
• English Version

目录

• Windows -> (8)工具 (42)文章
• Linux -> (1)工具 (3)文章
• macOS -> (10)文章
• Android -> (2)工具 (3)文章
• iOS -> (2)工具 (1)文章
• 新添加
  • (67) 工具
  • (212) 文章
  • (23) 文章-pentestlab
  • (54) 文章-恶意代码
  • (3) 文章-hackingarticles

<a id="778ee28406147330e50ce8e39e1e0510"></a>Windows

<a id="a563fd944f51033ab1823cc51ce5cc84"></a>工具

• [336星][4m] [C#] fireeye/sharpersist Windows persistence toolkit
• [107星][12m] [PS] r4wd3r/rid-hijacking Windows RID Hijacking persistence technique
• [98星][5y] [PS] enigma0x3/invoke-altdsbackdoor obtain persistence on a Windows 7+ machine under both Standard and Administrative accounts by using two Alternate Data Streams
• [66星][3y] [Py] darkquasar/wmi_persistence Python脚本，直接解析 OBJECTS.DATA 文件（无需访问用户WMI 名称空间）查找 WMI persistence
• [60星][2m] [Go] giuliocomi/backoori Tool aided persistence via Windows URI schemes abuse
• [17星][8m] [Go] mthbernardes/badarchitect Abusing SketchUp to make persistence on Windows
• [6星][4m] [C] 1captainnemo1/persistentcreverseshell A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.
• [5星][4m] [C++] rtcrowley/offensive-netsh-helper Maintain Windows Persistence with an evil Netshell Helper DLL

<a id="9473a67a0be440ab564685f35d01322b"></a>文章

• 2020.04 [hackingarticles] Windows Persistence using Netsh
• 2020.04 [hackingarticles] Windows Persistence using Bits Job
• 2020.04 [hackingarticles] Windows Persistence using WinLogon
• 2020.01 [hackingarticles] Windows Persistence using Application Shimming
• 2020.01 [hackingarticles] Multiple Ways to Persistence on Windows 10 with Metasploit
• 2020.01 [pentestlab] Persistence – WMI Event Subscription
• 2019.10 [secjuice] Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence
• 2019.10 [aliyun] windows中常见后门持久化方法总结
• 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ENG]
• 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ESP]
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 3 – WMI Event Subscription
• 2019.05 [remoteawesomethoughts] Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
• 2019.03 [hackingarticles] Windows Persistence with PowerShell Empire
• 2019.02 [freebuf] 常见的几种windows后门持久化方式
• 2019.01 [fuzzysecurity] Windows用户模式下恶意软件驻留方式汇总（2014年11月）
• 2019.01 [4hou] 如何检测并清除WMI持久化后门
• 2018.10 [4hou] 利用Windows库文件进行持久化攻击
• 2018.10 [aliyun] 如何检测并清除WMI持久性后门
• 2018.10 [360] 如何滥用Windows库文件实现本地持久化
• 2018.10 [countercept] Abusing Windows Library Files for Persistence
• 2018.10 [countercept] Abusing Windows Library Files for Persistence
• 2018.09 [oddvar] Persistence using Universal Windows Platform apps (APPX)
• 2018.08 [swordshield] Sticking Around: Common Windows Malware Persistence Mechanisms
• 2018.07 [BSidesTLV] Abusing WMI Providers For Persistence - Philip Tsukerman
• 2018.05 [pentestingexperts] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
• 2018.04 [infosecinstitute] Advance Persistent Threat - Lateral Movement Detection in Windows Infrastructure - Part II
• 2018.03 [infosecinstitute] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
• 2017.03 [360] DoubleAgent：代码注入和持久化技术--允许在任何Windows版本上控制任何进程
• 2017.01 [inspired] WMI Persistence with Cobalt Strike
• 2016.09 [4hou] 如何在系统日志中记录WMI Persistence？
• 2016.09 [4hou] Study Notes of WMI Persistence using wmic.exe
• 2016.08 [3gstudent] Study Notes of WMI Persistence using wmic.exe
• 2016.07 [JackkTutorials] How to make a persistent backdoor (Metasploit / Kali Linux)
• 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ESP]
• 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ENG]
• 2016.04 [sans] Windows Command Line Persistence?
• 2016.04 [windowsir] Cool Stuff, re: WMI Persistence
• 2016.03 [quarkslab] Windows Filtering Platform: Persistent state under the hood
• 2015.09 [blackmoreops] Create Kali Bootable Installer USB Drive in Windows 10 (Kali Bootable Non-Persistence USB Drive)
• 2013.09 [cylance] Windows Registry Persistence, Part 2: The Run Keys and Search-Order
• 2013.08 [cylance] Windows Registry Persistence, Part 1: Introduction, Attack Phases and Windows Services
• 2012.11 [sans] Case Leads: DFIR Lessons from Sandy; The Advanced Persistent Intruder; The Secure Breach; Windows8 Forensics; South Carolina Tax Info Protected by "TWO FIREWALLS"

<a id="d85c33dfafdf2941e8865e38d7abdc70"></a>Linux

<a id="3fff7861fe9a68d96798413b150bf775"></a>工具

• [433星][4m] [Shell] d4rk007/redghost 用bash编写的Linux后渗透框架，旨在帮助red团队进行持久性、侦察、特权升级和不留痕迹

<a id="edadf03a82a99fb2d7bfda27c4d320d4"></a>文章

• 2018.11 [topsec] Linux下的Rootkit驻留技术分析
• 2018.11 [freebuf] Linux下的Rootkit驻留技术分析
• 2016.07 [freebuf] Linux Rootkit 系列五：感染系统关键内核模块实现持久化

<a id="92795e827b3b796c276aeb42cd7ba7bc"></a>macOS

<a id="920d31fa243672149cb4b16f6bd5c43c"></a>文章

• 2019.11 [CodeColorist] Two macOS persistence tricks abusing plugins
• 2019.06 [aliyun] macOS恶意软件驻留技术分析
• 2019.04 [aliyun] 利用macOS 的 Folder Actions 功能实现持久化控制
• 2019.03 [specterops] Folder Actions for Persistence on macOS
• 2019.03 [blacksunhackers] macOS Persistence via iTerm
• 2018.11 [4hou] 攻击者如何借助授权插件，实现macOS持久化凭据窃取
• 2018.03 [mac4n6] OMG, Seriously? - APFS Encrypted Plaintext Password found in ANOTHER (More Persistent!) macOS Log File
• 2018.02 [freebuf] 如何通过Emond在macOS上实现持久化访问
• 2018.01 [xorrior] Leveraging Emond on macOS For Persistence
• 2018.01 [xorrior] Leveraging Emond on macOS For Persistence

<a id="96c32cb67d39a39ca6ebcbf437ad5be0"></a>Android

<a id="6f8c8181aaceb3707bf31e05ef01aff7"></a>工具

• [33星][12m] [Kotlin] cesarferreira/seguro Secure persistence using AES+CBC encryption on Android with no dependencies.
• [31星][6m] [Kotlin] irontec/android-room-example Android Kotlin app showcasing the Room persistence library

<a id="0c8cc0e282af1c3976f089a32f0490ef"></a>文章

• 2017.07 [freebuf] 修改Metasploit安卓Payload源码以实现持久化访问
• 2017.06 [freebuf] MSF外网持久控制Android手机并渗透测试局域网
• 2015.02 [checkpoint] Clever and Persistent Android Banking Trojan Discovered | Check Point Software Blog

<a id="f2fca029044e3c784f5b8fedc992ade4"></a>iOS

<a id="11669583787f71136e12da932d6e60b6"></a>工具

• [199星][6m] [Swift] lucas34/swiftqueue Job Scheduler for IOS with Concurrent run, failure/retry, persistence, repeat, delay and more
• [138星][7m] [Swift] justeat/justpersist JustPersist is the easiest and safest way to do persistence on iOS with Core Data support out of the box. It also allows you to migrate to any other persistence framework with minimal effort.

<a id="79422f0e817849c95cc8b24650f95d94"></a>文章

• 2015.07 [nokiaguy] iOS8开发技术（Swift版）:数据持久化-李宁-专题视频课程

<a id="1006e9d79182efe6f1cb25f4da74e7e1"></a>新添加

<a id="f14b1b535106867820036c96a82f55ed"></a>工具

• [1742星][5m] [Py] rootm0s/winpwnage UAC绕过、提升、持久化和执行方法
• [986星][26d] [Py] synack/knockknock displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
• [983星][3y] [C] cybellum/doubleagent Zero-Day Code Injection and Persistence Technique
• [792星][17d] [C] pmem/pmdk a collection of libraries and tools for System Administrators and Application Developers to simplify managing and accessing persistent memory devices
• [538星][4y] [PS] enigma0x3/generate-macro This Powershell script will generate a malicious Microsoft Office document with a specified payload and persistence method.
• [347星][1m] [TeX] plailect/keyshuffling Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain
• [310星][22d] [Py] shaypal5/cachier Persistent, stale-free, local and cross-machine caching for Python functions.
• [266星][2y] [C++] ewhitehats/invisiblepersistence Persisting in the Windows registry "invisibly"
• [220星][5y] [PS] jseidl/babadook Connection-less Powershell Persistent and Resilient Backdoor
• [215星][10m] [PS] harmj0y/damp The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification
• [194星][10m] [Ruby] sfeley/candy Transparent persistence for MongoDB
• [192星][2m] [Py] scrapy/queuelib Collection of persistent (disk-based) queues
• [162星][3y] miserlou/mackenzie AWS Lambda Infection Toolkit // Persistent Lambda Malware PoC
• [152星][1y] [ObjC] objective-see/reikey Malware and other applications may install persistent keyboard "event taps" to intercept your keystrokes. ReiKey can scan, detect, and monitor for such taps!
• [150星][20d] [Py] checkymander/imessagesbackdoor A script to help set up an event handler in order to install a persistent backdoor that can be activated by sending a message.
• [141星][6m] [C++] hasherezade/iat_patcher Persistent IAT hooking application - based on bearparser
• [126星][2y] zonksec/persistence-aggressor-script initial commit
• [124星][4m] [PS] p0w3rsh3ll/autoruns help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
• [111星][4m] [Go] schollz/linkcrawler Cross-platform persistent and distributed web crawler
• [105星][3y] [Py] n00py/norknork Powershell Empire Persistence finder
• [99星][2y] [PS] testingpens/malwarepersistencescripts A collection of scripts I've written to help red and blue teams with malware persistence techniques.
• [95星][23d] [Batchfile] huntresslabs/evading-autoruns 几种用于逃避常见的驻留枚举工具的技术（Evading Autoruns，Derbycon 2017）
• [94星][22d] [C++] hasherezade/persistence_demos Demos of various (also non standard) persistence methods used by malware
• [91星][4m] 0xthirteen/staykit Cobalt Strike kit for Persistence
• [73星][4m] [Py] s1egesystems/ghostdelivery .vbs script to deliver payload with persistence.
• [70星][16d] [C#] mdsecactivebreach/wmipersistence WMI Event Subscription Persistence in C#
• [69星][4m] [C++] tobozo/esp32-blecollector ᛡᛒ BLE Scanner + Data persistence on SD Card for M5Stack, Odroid-Go, ESP32-Wrover-Kit and other models
• [66星][30d] yeti-791/apt-guide APT学习指南（Advanced persistent threat learning Guide）
• [64星][5y] [PS] enigma0x3/outlookpersistence
• [64星][1m] [Py] n00py/post-ex Post-exploitation scripts for OS X persistence and privesc
• [61星][1m] 3gstudent/bitsadminexec 利用bitsadmin 实现驻留，以及自动运行
• [61星][1y] [JS] dxa4481/xssoauthpersistence Maintaining account persistence via XSS and Oauth
• [58星][4y] [PS] killswitch-gui/persistence-survivability Powershell Persistence Locator
• [49星][1m] [Go] schollz/crawdad Cross-platform persistent and distributed web crawler
• [40星][3y] [PS] n0pe-sled/wmi-persistence
• [39星][22d] [C] pmem/valgrind Enhanced Valgrind for Persistent Memory
• [38星][1y] [C] ntraiseharderror/kaiser Fileless persistence, attacks and anti-forensic capabilties.
• [35星][2y] [PS] 3gstudent/office-persistence Use powershell to test Office-based persistence methods
• [34星][3y] [PS] 3gstudent/waitfor-persistence Use Waitfor.exe to maintain persistence
• [33星][3m] tom4t0/cobalt-strike-persistence cobalt strike 自启动脚本
• [30星][3y] [PS] 3gstudent/com-object-hijacking use COM Object hijacking to maintain persistence.(Hijack CAccPropServicesClass and MMDeviceEnumerator)
• [30星][10m] [PHP] echo-devim/xbackdoor A tool for the persistent XSS exploitation with a focus for mobile web browsers
• [29星][20d] [PHP] n1215/lara-todo-persistence LaravelとEloquentの永続化パターンサンプル
• [29星][7m] [PS] ahhh/wifi_trojans A collection of wireless based bind and reverse connect shells for penetration testers to use in demonstrating persistence to a network via rouge access points.
• [29星][4m] [Py] rikvanduijn/wmi-persistence
• [27星][5m] [Py] threatresponse/mad-king Proof of Concept Zappa Based AWS Persistence and Attack Platform
• [25星][2y] [Py] catalyst256/netscaler-cookie-decryptor Python application to decrypt Netscaler Load Balancer Persistence Cookies
• [21星][4m] [Shell] rustybird/qubes-split-browser Tor Browser in a Qubes DisposableVM, with persistent bookmarks and login credentials
• [20星][26d] karneades/malware-persistence Collection of malware persistence and hunting information. Be a persistent persistence hunter!
• [19星][5y] [Visual Basic .NET] enigma0x3/old-powershell-payload-excel-delivery This version touches disk for registry persistence.
• [15星][2y] [Py] nullarray/shellware Persistent bind shell via pythonic shellcode execution, and registry tampering.
• [14星][6m] [HTML] abzcoding/aptdetector Advanced Persistent Threat Detection Using Network Analysis
• [14星][19d] [C] windriver-opensourcelabs/cryptfs-tpm2 Store and restore a persistent passphrase with TPM 2.0
• [8星][4m] [PS] bspence7337/invoke-wmipersist A powershell script to create WMI Event subscription persistence
• [7星][1y] [Java] tryan18/xcom Cross-referencing network communication for detecting Advanced Persistent Threat (APT) malware
• [4星][2y] pradeepjairamani/typo3-xss-poc Typo3 -v9.1.0 Persistent Cross Site Scripting(XSS) Assigned CVE Number: CVE-2018-6905
• [3星][4y] [JS] tobypinder/ludumdare32 [Merged into /tobypinder] Apt - Advanced Persistent Threat
• [2星][2y] [Py] aroradhruv03/apthreatdetectionsys Advanced Persistent Threat /Intrusion Detection Sys
• [2星][9m] [Py] azmatt/cerebro Keyword Persistent Monitor
• [2星][3y] [JS] adrienjoly/persistent-harmony A wrapper class to create persistent javascript objects, relying on harmony proxies.
• [1星][1y] harsh2602/apt-detection-via-graph-analytics This is a public repo for the Graph Analytics project done for the Advanced and Persistent Threats (CS 594-III) during Spring Semester for 2016
• [1星][1y] security-breachlock/cve-2018-16639 Non-Persistent XSS in Typesetter CMS
• [1星][2y] [PS] subesp0x10/wmi-persistence
• [0星][1y] security-breachlock/cve-2018-16623 XSS Persistent in Kirby CMS
• [0星][1y] security-breachlock/cve-2018-16632 Persistent Cross site Scripting in Mezzanine
• [0星][1y] security-breachlock/cve-2018-17301 Non-persistent XSS in EspoCRM
• [None星][ObjC] objective-see/blockblock BlockBlock provides continual protection by monitoring persistence locations.

<a id="426ad781ce4166338e198a70e025885d"></a>文章

• 2020.03 [freebuf] 权限维持及后门持久化技巧总结
• 2020.03 [thegreenplace] Implementing Raft: Part 3 - Persistence and Optimizations
• 2020.01 [BlackHat] Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence
• 2019.11 [aliyun] 持久化研究-Scheduled Tasks
• 2019.11 [aliyun] 持久化研究-Time Providers
• 2019.11 [aliyun] Cobaltstrike Server持久化 & Cobaltstrike与Metasploit相互派生shell
• 2019.10 [HackersOnBoard] Black Hat USA 2016 Account Jumping Post Infection Persistency & Lateral Movement in AWS
• 2019.09 [4hou] 使用公共语言运行时获取持久性（下）
• 2019.09 [4hou] 使用公共语言运行时获取持久性（上）
• 2019.09 [myonlinesecurity] Some changes to Remcos Rat persistence method
• 2019.09 [netspi] Maintaining Azure Persistence via Automation Accounts
• 2019.09 [Bank] Automated host recon, persistence and exfiltration
• 2019.09 [trendmicro] Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
• 2019.08 [contextis] Common Language Runtime Hook for Persistence
• 2019.08 [trendmicro] Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response
• 2019.08 [topsec] ATT&CK之后门持久化
• 2019.08 [stealthbits] Detecting Persistence through Active Directory Extended Rights
• 2019.08 [trendmicro] LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks
• 2019.07 [HackerSploit] Pivoting And Persistence With Armitage
• 2019.07 [two06] Persistence with KeePass -Part 2
• 2019.06 [two06] Persistence with KeePass - Part 1
• 2019.06 [HackmanitGmbH] RuhrSec 2019: "Don't Trust The Locals: Exploiting Persistent ...", Marius Steffens & Dr. Ben Stock
• 2019.06 [X13Cubed] Detecting Persistence in Memory
• 2019.06 [stealthbits] Domain Persistence with Subauthentication Packages
• 2019.06 [4hou] Use COM Object hijacking to maintain persistence——Hijack Outlook
• 2019.06 [0x00sec] Achieving Persistent Access to Burp Collaborator Sessions
• 2019.06 [JosephDelgadillo] Learn System Hacking E18: Persistence Module
• 2019.06 [3gstudent] Use COM Object hijacking to maintain persistence——Hijack Outlook
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 2 – COM Hijacking
• 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 1 – Microsoft Office
• 2019.04 [NDSSSymposium] NDSS 2019 Master of Web Puppets: Abusing Web Browsers for Persistent and Stealthy Computation
• 2019.02 [netspi] Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence
• 2019.02 [hosakacorp] systemd user persistence in metasploit
• 2019.02 [360] Chrome扩展在持久化中的应用
• 2019.02 [360] CloudGoat云靶机 Part-2：绕过CloudTrail实现持久访问
• 2019.02 [robtlee73] Leveraging Data Science to Discover Persistent Threats - SANS Threat Hunting Summit 2018
• 2019.02 [360] S4U2Self在活动目录持久化中的应用
• 2019.01 [lukeberner] How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram…
• 2019.01 [4hou] PowerShell无文件持久化技术与常用的防御绕过技术
• 2019.01 [arxiv] [1901.00620] A Secure and Persistent Memory System for Non-volatile Memory
• 2019.01 [sans] Examples of Recent APT Persistence Mechanisms
• 2019.01 [sans] Detecting Persistence with the Kansa PowerShell Framework
• 2019.01 [sans] Viewing the Nodes in the Noise: Leveraging Data Science to Discover Persistent Threat
• 2018.12 [crowdstrike] Adversary Extends Persistence by Modifying System Binaries
• 2018.12 [windowsir] Hunting and Persistence
• 2018.11 [andreafortuna] Process Injection and Persistence using Application Shimming
• 2018.10 [4hou] 仔细分析源代码也许是寻找新的持久化攻击方式的唯一办法
• 2018.10 [auth0] Credential Stuffing is a Persistent Threat to Your Users
• 2018.10 [xorrior] Persistent Credential Theft with Authorization Plugins
• 2018.10 [hexacorn] How to find new persistence tricks?
• 2018.10 [defensivedepth] Osquery Cheat Sheet – Process Interrogation & Persistence Techniques
• 2018.10 [hexacorn] Lateral Movement and Persistence: tactics vs techniques
• 2018.10 [MSbluehat] BlueHat v18 || Killsuit the equation group's swiss army knife for persistence, evasion, and data exfil
• 2018.10 [ACoD] Philo Track 1/30/18 12 Universal Persistent Bugs, Paul Vixie
• 2018.09 [sophos] The persistent nuisance of cryptomining looks set to grow
• 2018.09 [360] 如何利用Outlook Today主页实现本地持久化
• 2018.09 [bwtech789] Outlook Today Homepage Persistence
• 2018.08 [4hou] Turla Outlook 后门使用明智的策略进行隐身和持久
• 2018.08 [X13Cubed] Persistence Mechanisms
• 2018.08 [freebuf] 修改PHP扩展作为持久后门
• 2018.07 [trendmicro] The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
• 2018.07 [syspanda] 威胁狩猎: 查找恶意代码的驻留机制
• 2018.07 [obscuritylabs] Cross-Platform VPN Persistence(and phishing!) with Viscosity
• 2018.06 [redcanary] Behind the Scenes of an Active Breach (Part 1): Establishing Persistence
• 2018.05 [secjuice] My Journey Into Infosec : Persistence, persistence and yet more persistence.
• 2018.05 [ironcastle] Adding Persistence Via Scheduled Tasks, (Mon, May 7th)
• 2018.05 [sans] Adding Persistence Via Scheduled Tasks
• 2018.04 [freebuf] 利用DiskShadow服务实现免杀持久化控制以及活动目录数据库提取
• 2018.04 [oddvar] 利用Image File Execution Options中的GlobalFlags实现驻留, 绕过Autoruns.exe检测
• 2018.04 [360] DiskShadow工具介绍：VSS绕过、持久化感染和活动目录数据库提取
• 2018.03 [deepsec] Advanced and In-Depth Persistent Defence
• 2018.03 [bohops] 利用DiskShadow.exe实现VSS逃逸/驻留/Active Directory数据库提取
• 2018.03 [rastamouse] 基本的驻留策略和技巧
• 2018.03 [oddvar] 利用RunOnceEx实现驻留, 能够躲避Autoruns.exe监测
• 2018.03 [virusbulletin] VB2017 paper: The life story of an IPT - Inept Persistent Threat actor
• 2018.03 [misteralfa] [Facebook][ F5 BIG-IP ] PERSISTENCE COOKIE INFORMATION LEAKAGE
• 2018.03 [360] 利用INF-SCT获取并进行绕过、规避和持久化技术
• 2018.03 [bohops] Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2)
• 2018.03 [4hou] 利用INF-SCT文件执行绕过，规避查杀和持久性的技术
• 2018.03 [stealthbits] Creating Persistence with DCShadow
• 2018.02 [bohops] 执行INF-SCT文件的若干方式(LaunchINFSection),实现绕过/躲避杀软/驻留. (INF-SCT: INF配置文件中配置的SCT文件)
• 2018.02 [bohops] Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction
• 2018.02 [nextplatform] Momentum Gathers for Persistent Memory Preppers
• 2018.02 [vimeo] Introduction to INNUENDO's New Persistence Framework
• 2018.01 [stealthbits] Gain System Access and Persistence with SQL Native Attacks – SQL Attacks
• 2018.01 [f5] Cookies, Sessions, and Persistence
• 2018.01 [freebuf] 来自后方世界的隐匿威胁：后门与持久代理（二）
• 2017.12 [freebuf] Cobalt Strike实战技巧持久性权限控制姿势
• 2017.12 [paloaltonetworks] Abusing the Service Control Manager to Establish Persistence for Non-Service App
• 2017.12 [securestate] Quick Reference: Empire Persistence Modules
• 2017.11 [countercept] Hunting for Junction Folder Persistence
• 2017.11 [malwarebytes] 挖矿新姿势: 使用浏览器访问内嵌 JS挖矿脚本的网站之后, 即便关闭浏览器, 挖矿依然在继续
• 2017.11 [countercept] Hunting for Junction Folder Persistence
• 2017.10 [digitalforensicstips] Persistent Monitoring on a Budget
• 2017.10 [stealthbits] Attack Step 3: Persistence with NTFS Extended Attributes – File System Attacks
• 2017.10 [freebuf] 来自后方世界的隐匿威胁：后门与持久代理(一）
• 2017.09 [harmj0y] An ACE in the Hole - Stealthy Host Persistence via Security Descriptors
• 2017.09 [nats] Guest Post: Use cases for persistent logs with NATS Streaming
• 2017.08 [3gstudent] Use Logon Scripts to maintain persistence
• 2017.08 [3gstudent] Use COM Object hijacking to maintain persistence——Hijack explorer.exe
• 2017.08 [3gstudent] Use COM Object hijacking to maintain persistence——Hijack CAccPropServicesClass and MMDeviceEnumerator
• 2017.08 [360] BadGPO：组策略对象在持久化及横向渗透中的应用
• 2017.07 [activecanopy] May QBot Persistence and Attack Details
• 2017.07 [3gstudent] Use msdtc to maintain persistence
• 2017.07 [paloaltonetworks] TwoFace Webshell: Persistent Access Point for Lateral
• 2017.07 [3gstudent] Use CLR to maintain persistence
• 2017.07 [3gstudent] Office Persistence on x64 operating system
• 2017.07 [virusbulletin] Advanced and inept persistent threats to be discussed at VB2017
• 2017.07 [3gstudent] Use Office to maintain persistence
• 2017.06 [stealthbits] Persistence using AdminSDHolder and SDProp
• 2017.06 [4hou] Active Directory权限持久控制之恶意的安全支持提供者(SSP)
• 2017.06 [3gstudent] Use AppDomainManager to maintain persistence
• 2017.06 [3gstudent] Use Waitfor.exe to maintain persistence
• 2017.06 [csyssec] 内存持久战之防御措施
• 2017.06 [blacksunhackers] 利用 AppVerifier 实现函数Hook 及驻留
• 2017.05 [csyssec] 内存持久战之内存安全性
• 2017.05 [trustedsec] Episode 2.7 Tavis breaks the Internet, Executive Orders, Diskless Persistence Methods, and more!
• 2017.05 [freebuf] 如何创建Powershell持久隐蔽后门
• 2017.05 [4hou] Active Directory域渗透的权限持久控制之组策略
• 2017.05 [360] PowerShell注入技巧：无盘持久性和绕过技术
• 2017.05 [fireeye] FIN7 组织使用数据库(.sdb后缀)实现驻留
• 2017.05 [binarydefense] PowerShell Injection with Fileless Payload Persistence and Bypass Techniques
• 2017.04 [4hou] 利用Office加载项进行持久化控制的6种姿势
• 2017.04 [360] 利用Office插件实现恶意程序持久化
• 2017.04 [mwrinfosecurity] Add-In Opportunities for Office Persistence
• 2017.04 [4hou] 零日漏洞DoubleAgent的代码注入和持久性攻击技术分析
• 2017.03 [puri] Yet Another EFI/UEFI Exploit, this one Utilizing NVRAM and Persistent Storage
• 2017.03 [DemmSec] Guide to Pentesting - Episode 18 - Persistence
• 2017.02 [auth0] Serverless REST API with Angular, Persistence and Security
• 2017.01 [adsecurity] Sneaky Persistence Active Directory Trick #18: Dropping SPNs on Admin Accounts for Later Kerberoasting
• 2016.11 [vkremez] Netcat Shell and Persistence
• 2016.10 [n00py] Using email for persistence on OS X
• 2016.10 [Cooper] Hack.lu 2016 badGPO - Using GPOs for Persistence and Lateral Movement
• 2016.09 [3gstudent] Netsh persistence
• 2016.09 [360] 使用Netshell执行恶意DLL并实现对目标主机的持久化攻击
• 2016.09 [endgame] How to Hunt: Detecting Persistence & Evasion with the COM
• 2016.09 [deepsec] DeepSec2016 Talk: badGPO – Using GPOs for Persistence and Lateral Movement – Yves Kraft & Immanuel Willi
• 2016.08 [blacksunhackers] Post Exploitation Persistence With Application Shims (Intro)
• 2016.08 [radware] Dry Lighting Cracks against the Cloud: The Rise of the Advanced Persistent DoS (APDoS)
• 2016.08 [netspi] Establishing Registry Persistence via SQL Server with PowerUpSQL
• 2016.07 [objective] Analyzing 'Mac File Opener' Persistence
• 2016.07 [paloaltonetworks] Technical Walkthrough: Office Test Persistence Method Used In Recent Sofac
• 2016.07 [malwarebytes] Untangling Kovter’s persistence methods
• 2016.07 [korznikov] RCE by abusing NAC to gain Domain Persistence.
• 2016.06 [sentinelone] Persistence Makes Perfect
• 2016.06 [k7computing] Interesting Persistence Technique
• 2016.06 [k7computing] Interesting Persistence Technique
• 2016.06 [imperva] Black Hat SEO attacks: Persistent Multi-Vector Attacks Prey on Thousands of Legitimate Websites
• 2016.05 [enigma0x3] Userland Persistence with Scheduled Tasks and COM Handler Hijacking
• 2016.05 [cybereason] Cybereason, SANS Webinar: The End of IOCs: A Case Study on Resolving Persistent Attacks Using Tactics, Techniques, and Procedures
• 2016.05 [cmu] Persistent Little IP, Aren't You?
• 2016.05 [room362] WPAD Persistence ·
• 2016.05 [zonksec] Persistence Aggressor Script
• 2016.04 [welivesecurity] Insider threats: A persistent and widespread problem
• 2016.04 [jerrygamblin] Persistent Reverse-SSH Tunnel on a RaspberryPi
• 2016.04 [nextplatform] Programming For Persistent Memory Takes Persistence
• 2016.04 [netspi] Maintaining Persistence via SQL Server – Part 2: Triggers
• 2016.03 [adsecurity] Sneaky Active Directory Persistence #17: Group Policy
• 2016.03 [adsecurity] Sneaky Active Directory Persistence #16: Computer Accounts & Domain Controller Silver Tickets
• 2016.03 [netspi] Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures
• 2016.02 [powershellempire] Nothing Lasts Forever: Persistence with Empire
• 2016.02 [checkpoint] HummingBad: A Persistent Mobile Chain Attack | Check Point Software Blog
• 2016.02 [cybereason] NSA: Hackers use persistence, not zero days, to breach companies
• 2016.01 [countercept] Effective Persistent Threats - Sophistication, Economics & Complexity
• 2016.01 [acolyer] Blurred Persistence: Efficient Transactions in Persistent Memory
• 2016.01 [] 自建CDN防御DDoS（1）：知己知彼，建设持久防线
• 2015.12 [arno0x0x] Configure Fail2Ban for permanent and persistent bans
• 2015.12 [rapid7] 12 Days of HaXmas: Advanced Persistent Printer
• 2015.11 [malwarejake] Kerberos silver tickets - unique attacker persistence
• 2015.11 [secist] 详解：kali之持久加密U盘的制作
• 2015.10 [] 巧用DSRM密码同步将域控权限持久化
• 2015.10 [freebuf] 域控权限持久化之DSRM
• 2015.10 [room362] DotNet's DNVM For Persistence On Developer Machines ·
• 2015.10 [cybereason] A New Persistent Attack Methodology Targeting Microsoft OWA
• 2015.09 [cybertriage] Maximizing Your Non-Persistent Agent’s Effectiveness
• 2015.08 [cybertriage] Do You Need Persistent Agents to Fight Persistent Threats?
• 2015.08 [secist] MSF之persistence权限维持
• 2015.07 [shellntel] Using PowerShell & Unicorn to Get Persistence
• 2015.04 [paragonie] Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies)
• 2015.02 [virusbulletin] VB2014 paper: Caphaw - the advanced persistent pluginer
• 2015.01 [insinuator] The Persistent Problem of State in IPv6 (Security)
• 2014.11 [begriffs] Type-Safe DB Access with Persistent
• 2014.10 [firebitsbr] Setar variável persistente do $GOPATH no Fedora 20
• 2014.10 [enigma0x3] Persistence using Microsoft Outlook
• 2014.10 [knapsy] Persistence VM Writeup
• 2014.09 [leonjza] From Persistence
• 2014.09 [room362] OSX Persistence via PHP Webshell ·
• 2014.09 [sans] Odd Persistent Password Bruteforcing
• 2014.09 [kaspersky] A solution for small businesses’ persistent IT security issues
• 2014.07 [securityintelligence] Citadel’s New Trick: Persistent Device Remote Control
• 2014.07 [malwarebytes] PUPS are Persistent
• 2014.06 [bluescreenofjeff] Semi-Persistence
• 2014.06 [trendmicro] Best security practices for preventing advanced persistent attacks
• 2014.05 [offensive] Kali Encrypted USB Persistence
• 2013.12 [welivesecurity] Did you say "Advanced" Persistent Threats?
• 2013.08 [wordfence] Got a persistent scraper? Here’s how to deal with them, permanently!
• 2013.07 [windowsir] HowTo: Detecting Persistence Mechanisms
• 2013.05 [firebitsbr] Exploit Python – F5 BIG-IP Cookie Persistence
• 2012.10 [trendmicro] PE_XPAJ: Persistent File Infector
• 2012.08 [privacy] Shaping Tomorrow’s Security Today 4: Advanced Persistent Protection
• 2011.10 [krebsonsecurity] Chasing APT: Persistence Pays Off
• 2011.09 [trendmicro] The Persistent Threat of Fake AV
• 2011.08 [securityinnovation] Use Named Queries with Java Persistence API (JPA)
• 2011.05 [krebsonsecurity] Advanced Persistent Tweets: Zero-Day in 140 Characters
• 2010.12 [immunityinc] Aleatory Persistent Threat
• 2010.10 [sans] Digital Forensics: Persistence Registry keys
• 2010.09 [depthsecurity] Super-Persistent Cookies - evercookie JavaScript API
• 2010.08 [trendmicro] The Persistence of FAKEAV
• 2010.08 [immunityinc] Aleatory Persistent Threat
• 2010.04 [rapid7] Persistent Meterpreter over Reverse HTTPS
• 2005.02 [sans] More CA BrightStor ARCserve Backup... Is your IDS/IPS Dead?... And Persistent Netcat Listener with While Loop
• 2003.04 [imperialviolet] Persistence

<a id="e63f08b4b1c54539573027e192270441"></a>文章-pentestlab

• 2020.05 [pentestlab] Persistence – COM Hijacking
• 2020.03 [pentestlab] Persistence – DLL Hijacking
• 2020.02 [pentestlab] Persistence – RID Hijacking
• 2020.02 [pentestlab] Persistence – WaitFor
• 2020.01 [pentestlab] Persistence – Modify Existing Service
• 2020.01 [pentestlab] Persistence – Winlogon Helper DLL
• 2020.01 [pentestlab] Persistence – Image File Execution Options Injection
• 2020.01 [pentestlab] Persistence – AppInit DLLs
• 2020.01 [pentestlab] Persistence – Change Default File Association
• 2019.12 [pentestlab] Persistence – Application Shimming
• 2019.12 [pentestlab] Persistence – Office Application Startup
• 2019.11 [pentestlab] Persistence – Accessibility Features
• 2019.11 [pentestlab] Persistence – PowerShell Profile
• 2019.11 [pentestlab] Persistence – Scheduled Tasks
• 2019.10 [pentestlab] Persistence – BITS Jobs
• 2019.10 [pentestlab] Persistence – Netsh Helper DLL
• 2019.10 [pentestlab] Persistence – Port Monitors
• 2019.10 [pentestlab] Persistence – Time Providers
• 2019.10 [pentestlab] Persistence – Security Support Provider
• 2019.10 [pentestlab] Persistence – Screensaver
• 2019.10 [pentestlab] Persistence – Shortcut Modification
• 2019.10 [pentestlab] Persistence – New Service
• 2019.10 [pentestlab] Persistence – Registry Run Keys

<a id="396a097eb8cc253fd43f518f1ea43168"></a>文章-恶意代码

• 2020.01 [fortinet] Using a Security-Driven Network to Address Persistent IoT Botnets
• 2019.11 [flashpoint] Threat Actors Demonstrate Persistent Interest in ATM Malware
• 2019.09 [4hou] 剖析僵尸网络使用的多种持久化方法：MyKings新变种分析
• 2019.09 [4hou] 垃圾邮件攻击活动滥用PHP函数实现驻留，并使用被入侵的设备绕过检测
• 2019.09 [trendmicro] Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
• 2019.08 [sentinelone] Gootkit Banking Trojan | Part 2: Persistence & Other Capabilities
• 2019.05 [proofpoint] New KPOT v2.0 stealer brings zero persistence and in-memory features to silently steal credentials
• 2019.05 [sans] Finding Registry Malware Persistence with RECmd
• 2019.04 [sans] Offline Autoruns Revisited - Auditing Malware Persistence
• 2019.01 [ColinHardy] Using WhatsApp for Malware Persistence
• 2018.10 [arxiv] [1810.07321] Malware triage for early identification of Advanced Persistent Threat activities
• 2018.07 [sucuri] Persistent Malicious Redirect Variants
• 2018.06 [az4n6] Malicious PowerShell in the Registry: Persistence
• 2018.05 [lastline] Web Security for Advanced Malware and Persistent Threats – Revisited
• 2018.05 [virusbulletin] Hide'n'Seek IoT botnet adds persistence
• 2018.05 [secplicity] The Hide ‘N Seek IoT Botnet Just Unlocked a New Achievement: Persistence
• 2018.05 [bitdefender] Hide and Seek IoT Botnet resurfaces with new tricks, persistence
• 2018.03 [vkremez] Let's Learn: Internals of Iranian-Based Threat Group "Chafer" Malware: Autoit and PowerShell Persistence
• 2018.03 [lastline] The Persistent Threat of Account and Identity Theft Malware
• 2018.01 [cylance] Threat Spotlight: Kovter Malware Fileless Persistence Mechanism
• 2018.01 [hyperiongray] Malicious Excel DDE Execution with ML AV Bypass and Persistence
• 2017.10 [vmray] Persistent Emotet Malware with a Crafty Social Engineering Technique
• 2017.10 [vmray] Persistent Emotet Malware with a Crafty Social Engineering Technique
• 2017.10 [angelalonso] Analysis of a malicious DOC used by Turla APT group; hunting persistence via PowerShell
• 2017.09 [vkremez] Let's Learn: Reversing Trickbot Banking Trojan's New "WormShare" Persistence Module
• 2017.08 [vmray] Poweliks Malware – Filelessly Persistent
• 2017.07 [trustedsec] Episode 2.8 – NSA and Exploit Tools, Petya, Russia, and Ransomware, systemd, Deathstar, and Office persistence methods
• 2017.05 [hshrzd] 作者之前发布“诡异的恶意代码驻留方式”，一些读者询问 extension handler 劫持的细节，于是作者在这篇 Blog 中做了详细解析。
• 2017.05 [tarlogic] Persistence in WordPress using backdoors in SQL
• 2016.11 [vkremez] Post Exploitation: Persistence and Backdoor
• 2016.10 [securitygossip] Persistent Data-only Malware: Function Hooks Without Code
• 2016.10 [sjtu] Persistent Data-only Malware: Function Hooks Without Code
• 2016.06 [esentire] Malware and Advanced Persistent Threats - How Long is Too Long to go Undetected?
• 2016.04 [cybrary] S3SS10N Wednesday – Malware Persistence 101
• 2016.03 [airbuscybersecurity] Fileless Malware – A Behavioural Analysis Of Kovter Persistence
• 2015.09 [wroot] Babadook: Connection-less Powershell Persistent and Resilient “Backdoor”
• 2015.06 [f5] Slave Malware Analysis: Evolving from IBAN Swaps to Persistent Webinjects
• 2015.06 [securelist] The Duqu 2.0 persistence module
• 2015.06 [openanalysis] Malware Persistence: HKEY_CURRENT_USER Shell Extension Handlers
• 2015.05 [jumpespjump] Many ways of malware persistence (that you were always afraid to ask)
• 2014.10 [virusbulletin] Paper: Invading the core: iWorm's infection vector and persistence mechanism
• 2014.10 [virusbulletin] VB2014 paper: Methods of malware persistence on Mac OS X
• 2014.10 [f5] Tinba Malware: Domain Generation Algorithm Means New, Improved, and Persistent
• 2014.08 [virusbulletin] VB2014 preview: Methods of malware persistence on Mac OS X
• 2014.07 [securityintelligence] Bootkits: Deep Dive Into Persistence Mechanisms Used by Bootkits at HOPE X Conference
• 2014.01 [igorkorkin] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 4
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 3
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence - Part 2
• 2013.03 [sans] Wipe the drive! Stealthy Malware Persistence Mechanism - Part 1
• 2012.09 [trendmicro] Advanced Persistent Response Thwarts Malicious Digital Insider
• 2012.06 [mcafee] Combating Malware and Advanced Persistent Threats
• 2012.03 [pentestlab] Metasploit Persistent Backdoor
• 2004.09 [sans] System Store Trojan, Infection Persistence, Save the Pr0n

<a id="91f798eff3ccabbbb76ab957994aec46"></a>文章-hackingarticles

• 2020.05 [hackingarticles] Persistence: Accessibility Features
• 2020.04 [hackingarticles] Domain Persistence: Golden Ticket Attack
• 2020.04 [hackingarticles] Persistence: RID Hijacking

贡献

内容为系统自动导出, 有任何问题请提issue