Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/hasherezade/persistence_demos

Demos of various (also non-standard) persistence methods used by malware

Last synced: about 2 months ago

# persistence_demos

[![Build status](https://ci.appveyor.com/api/projects/status/wr9barnysm7ovfgi?svg=true)](https://ci.appveyor.com/project/hasherezade/persistence-demos)

Demos for the presentation ["Wicked malware persistence methods"](https://speakerdeck.com/hshrzd/wicked-malware-persistence-methods).

+ com_hijack - loads a demo DLL via COM hijacking
+ extension_hijack - hijacks extension handlers to run a demo app when a file with the given extension is opened
+ shim_persist - installs a shim that injects a demo DLL into explorer.exe
+ restricted_directory - drops a PE into a restricted directory (that cannot be accessed or deleted), and launches it