PersistHound is a Python script designed to help Blue Teams, Incident Responders, and System Administrators detect and eliminate persistence mechanisms in Windows systems. This tool provides an arsenal of detection techniques to proactively track down and neutralize potential threats, enhancing the security of your Windows environment.
Just run it!

```bash
# Basic usage
python PersistHound.py
```

- Run Key
- RunOnce Key
- RunOnceEx Key
- RunServices Key
- RunServicesOnce Key
- Windows policy Settings Run Key
- Image File Execution Options - Debugger
- Image File Execution Options - GlobalFlag
- Winlogon Userinit
- Winlogon Shell
- Winlogon Notify Packages DLL
- WMI Subscriptions
- Windows Services
- Scheduled Tasks
- Startup Folders
- Natural Language Development Platform 6 DLL Override Path
- AEDebug Keys
- LSA SSP DLLs
- LSA Authentication Packages DLL ❌
- LSA Extensions DLL ❌
- Windows Error Reporting Debugger ❌
- Windows Error Reporting ReflectDebugger ❌
- Command Prompt AutoRun ❌
- Explorer Load ❌
- Windows Terminal startOnUserLogin ❌
- AppCertDlls DLL Injection ❌
- App Paths Hijacking ❌
- ServiceDll Hijacking ❌
- Group Policy Extensions DLLs ❌
- Winlogon MPNotify ❌
- CHM Helper DLL ❌
- Hijacking of hhctrl.ocx ❌
- User Init Mpr Logon Script ❌
- AutodialDLL Winsock Injection ❌
- ServerLevelPluginDll DNS Server DLL Hijacking ❌
- Explorer Tools Hijacking ❌
- .NET DbgManagedDebugger ❌
- ErrorHandler.cmd Hijacking ❌
- Terminal Services InitialProgram ❌
- Accessibility Tools Backdoor ❌
- AMSI Providers ❌
- PowerShell Profiles ❌
- Silent Exit Monitor ❌
- Telemetry Controller ❌
- RDP WDS Startup Programs ❌
- BITS Jobs NotifyCmdLine ❌
- Power Automate ❌
- Screensaver ❌
- Office Templates ❌
- Office AI.exe Hijacking ❌
- Explorer Context Menu Hijacking ❌
- Service Control Manager Security Descriptor Manipulation ❌
- RID Hijacking ❌
- Suborner Technique ❌

This project is just a Python adaptation of the PersistenceSniper project. I extend my gratitude to the creators and contributors of PersistenceSniper for their pioneering work, which served as a significant inspiration.