Releases: last-byte/PersistenceSniper

PersistenceSniper v1.17.1

11 Dec 16:45

This release expands and enhances the detections for the techniques implemented in v1.17.0. It also enhances the SetupExecute detection to find persistences deployed through SetupExecuteNoPnpSync.

PersistenceSniper v1.17.0

11 Dec 13:51

This release adds 4 new detections, bringing the total to 60 persistence techniques implemented.

PersistenceSniper v1.16.3

03 Dec 15:03

This release implements fixes for a number of bugs in the module when run through PSRemoting.

PersistenceSniper v1.16.1

30 Jun 15:56
92c06f6

This release implements a fix for the GhostTask detection.

PersistenceSniper v1.16.0

31 Mar 19:47

This release implements detections for 2 new persistence techniques (Boot Verification Program Hijacking and App Init DLLs Injection), as well as a fix for a false positive in the Suborner Attack, as reported by @strassi.

PersistenceSniper v1.15.1

15 Feb 16:14

This release fixes a gap in the detection of persistences relying on PowerShell. The bug was in the Get-IfSafeExecutable function, which calls the Get-IfLolbin function, which in turn did not list Powershell.exe as a LOLBin.

PersistenceSniper v1.15.0

09 Jan 19:07

This release implements detections for the GhostTask technique.

PersistenceSniper v1.14.0

04 Nov 18:43

This release implements a detection for the DSRM backdoor in Domain Controllers, as well as a fix for a bug in the Parse-NetUser internal function.

PersistenceSniper v1.13.0

05 Oct 22:19

This release implements detection for RID hijacking and the Suborner attack.

PersistenceSniper v1.12.1

12 Aug 13:20

This release implements a fix for the Accessibility Tools persistence detection which, up to 1.12.0, did not look for Utilman.exe hijacking.