Persistence
Resources About Persistence, Multiple Platforms. Including ~80 Tools and 300+ Posts.
Install / Use
/learn @alphaSeclab/PersistenceREADME
所有收集类项目
Persistence
- 跟驻留/持久化有关的工具和文章,多平台。包括80个工具和350左右文章。
- English Version
目录
- Windows -> (8)工具 (42)文章
- Linux -> (1)工具 (3)文章
- macOS -> (10)文章
- Android -> (2)工具 (3)文章
- iOS -> (2)工具 (1)文章
- 新添加
<a id="778ee28406147330e50ce8e39e1e0510"></a>Windows
<a id="a563fd944f51033ab1823cc51ce5cc84"></a>工具
- [336星][4m] [C#] fireeye/sharpersist Windows persistence toolkit
- [107星][12m] [PS] r4wd3r/rid-hijacking Windows RID Hijacking persistence technique
- [98星][5y] [PS] enigma0x3/invoke-altdsbackdoor obtain persistence on a Windows 7+ machine under both Standard and Administrative accounts by using two Alternate Data Streams
- [66星][3y] [Py] darkquasar/wmi_persistence Python脚本,直接解析 OBJECTS.DATA 文件(无需访问用户WMI 名称空间)查找 WMI persistence
- [60星][2m] [Go] giuliocomi/backoori Tool aided persistence via Windows URI schemes abuse
- [17星][8m] [Go] mthbernardes/badarchitect Abusing SketchUp to make persistence on Windows
- [6星][4m] [C] 1captainnemo1/persistentcreverseshell A PERSISTENT FUD Backdoor ReverseShell coded in C for any Windows distro, that will make itself persistent on every BOOT and fire a decoy app in the foreground while connecting back to the attacker machine as a silent background process , spawning a POWERSHELL on the attacker machine.
- [5星][4m] [C++] rtcrowley/offensive-netsh-helper Maintain Windows Persistence with an evil Netshell Helper DLL
<a id="9473a67a0be440ab564685f35d01322b"></a>文章
- 2020.04 [hackingarticles] Windows Persistence using Netsh
- 2020.04 [hackingarticles] Windows Persistence using Bits Job
- 2020.04 [hackingarticles] Windows Persistence using WinLogon
- 2020.01 [hackingarticles] Windows Persistence using Application Shimming
- 2020.01 [hackingarticles] Multiple Ways to Persistence on Windows 10 with Metasploit
- 2020.01 [pentestlab] Persistence – WMI Event Subscription
- 2019.10 [secjuice] Abusing Windows 10 Narrator 'Feedback-Hub' for Fileless Persistence
- 2019.10 [aliyun] windows中常见后门持久化方法总结
- 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ENG]
- 2019.07 [rootedconmadrid] Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [RootedCON2019-ESP]
- 2019.05 [mdsec] Persistence: “the continued or prolonged existence of something”: Part 3 – WMI Event Subscription
- 2019.05 [remoteawesomethoughts] Windows 10 - Task Scheduler service - Privilege Escalation/Persistence through DLL planting
- 2019.03 [hackingarticles] Windows Persistence with PowerShell Empire
- 2019.02 [freebuf] 常见的几种windows后门持久化方式
- 2019.01 [fuzzysecurity] Windows用户模式下恶意软件驻留方式汇总(2014年11月)
- 2019.01 [4hou] 如何检测并清除WMI持久化后门
- 2018.10 [4hou] 利用Windows库文件进行持久化攻击
- 2018.10 [aliyun] 如何检测并清除WMI持久性后门
- 2018.10 [360] 如何滥用Windows库文件实现本地持久化
- 2018.10 [countercept] Abusing Windows Library Files for Persistence
- 2018.10 [countercept] Abusing Windows Library Files for Persistence
- 2018.09 [oddvar] Persistence using Universal Windows Platform apps (APPX)
- 2018.08 [swordshield] Sticking Around: Common Windows Malware Persistence Mechanisms
- 2018.07 [BSidesTLV] Abusing WMI Providers For Persistence - Philip Tsukerman
- 2018.05 [pentestingexperts] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
- 2018.04 [infosecinstitute] Advance Persistent Threat - Lateral Movement Detection in Windows Infrastructure - Part II
- 2018.03 [infosecinstitute] Advance Persistent Threat – Lateral Movement Detection in Windows Infrastructure – Part I
- 2017.03 [360] DoubleAgent:代码注入和持久化技术--允许在任何Windows版本上控制任何进程
- 2017.01 [inspired] WMI Persistence with Cobalt Strike
- 2016.09 [4hou] 如何在系统日志中记录WMI Persistence?
- 2016.09 [4hou] Study Notes of WMI Persistence using wmic.exe
- 2016.08 [3gstudent] Study Notes of WMI Persistence using wmic.exe
- 2016.07 [JackkTutorials] How to make a persistent backdoor (Metasploit / Kali Linux)
- 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ESP]
- 2016.06 [rootedconmadrid] Abel Valero - Windows BootKits: Como analizar malware persistente en MBR/VBR [RootedCON 2016 - ENG]
- 2016.04 [sans] Windows Command Line Persistence?
- 2016.04 [windowsir] Cool Stuff, re: WMI Persistence
- 2016.03 [quarkslab] Windows Filtering Platform: Persistent state under the hood
- 2015.09 [blackmoreops] Create Kali Bootable Installer USB Drive in Windows 10 (Kali Bootable Non-Persistence USB Drive)
- 2013.09 [cylance] Windows Registry Persistence, Part 2: The Run Keys and Search-Order
- 2013.08 [cylance] Windows Registry Persistence, Part 1: Introduction, Attack Phases and Windows Services
- 2012.11 [sans] Case Leads: DFIR Lessons from Sandy; The Advanced Persistent Intruder; The Secure Breach; Windows8 Forensics; South Carolina Tax Info Protected by "TWO FIREWALLS"
<a id="d85c33dfafdf2941e8865e38d7abdc70"></a>Linux
<a id="3fff7861fe9a68d96798413b150bf775"></a>工具
- [433星][4m] [Shell] d4rk007/redghost 用bash编写的Linux后渗透框架,旨在帮助red团队进行持久性、侦察、特权升级和不留痕迹
<a id="edadf03a82a99fb2d7bfda27c4d320d4"></a>文章
- 2018.11 [topsec] Linux下的Rootkit驻留技术分析
- 2018.11 [freebuf] [Linux下的Rootkit驻留技术分析]
View on GitHub85/100
Security Score
Audited on Feb 14, 2026
No findings