Awesome Malware Persistence Overview

A curated list of awesome malware persistence tools and resources.

Malware persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

Main article about malware persistence (⭐ 118) with more context and information.

Contents

Techniques

Persistence techniques and detection.

Generic

Linux

macOS

Windows

Firmware

Persistence Removal

Tools and commands for removing persistence mechanisms. Besides the tools listed below, standard OS commands can be used to remove persistence.

Generic

Windows

Detection Testing

Tools for testing detections. Use the techniques described in Persistence Techniques to create the relevant files, or apply the configuration changes by hand, to test your detections.

Prevention

Tools for preventing malicious persistence.

macOS

Collection

Tools for persistence collection.

Generic

Linux

There is no dedicated persistence collection tool for Linux that I'm aware of. Use some of the tools from #Generic or standard OS commands for collection. Contributions of links to Linux-specific persistence collection tools are welcome.

macOS

Windows

Contributing

Contributions welcome! Read the contribution guidelines first.