Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/testingpens/malwarepersistencescripts

A collection of scripts I've written to help red and blue teams with malware persistence techniques.
https://github.com/testingpens/malwarepersistencescripts

blueteam living-off-the-land malware persistence powershell redteam

Last synced: 3 months ago
JSON representation

A collection of scripts I've written to help red and blue teams with malware persistence techniques.

Awesome Lists containing this project

README 

        
# Malware Persistence Scripts

A collection of scripts I've written to help red and blue teams with malware persistence techniques. I take no responsibility for how they're used.

## Red Team Goals

These are techniques that I regularly use to ensure that my agents can survive reboots. Majority of my persistence scripts are written in PowerShell since it's an excuse for me to learn it. May these scripts help you evade many a blue team.

## Blue Team Goals

I'm trying to help blue teams to add robust rule sets to their detection techniques. Most of the time I try to focus on simple userland tactics which don't require privilege escalation. Additionally, I try to find ways to trigger my agents based on user behaviour rather than system behaviour. May these techniques help you catch those pesky hackers.

## Scripts

### user_event_persistence.ps1

It looks through newest 500 events in the Windows event logs on the target system and schedules a user task, using the most commonly occurring event ID as a trigger, to run a specified application.