persistence toolkit. 22 different techniques for making sure something survives reboots, log-offs, and cleanup attempts.
covers the usual suspects and some less common ones:
- registry: Run/RunOnce keys, Winlogon Shell/Userinit, Image File Execution Options, AppInit_DLLs, shell extensions
- scheduled tasks: via COM (ITaskService) and schtasks fallback
- services: creates a Windows service with auto-start, optional failure recovery
- COM hijack: registers a COM object under HKCU so it loads when any app uses that CLSID
- WMI events: permanent event subscription that fires on the interval you set
- startup folder: shortcut in shell:startup with optional delay
- DLL search order: drops a DLL where a known program will load it first
- screensaver: sets your binary as the screensaver exe
- accessibility: replaces sethc.exe / utilman.exe (classic sticky keys trick)
- explorer load: uses the Explorer\Load registry value
- ADS: hides payload in an alternate data stream
each method has an install and uninstall function. you can combine multiple methods for redundancy.
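
for the blue-team side of an authorized test: the registry-backed methods in the list above all end in a registry value write, which Sysmon logs as Event ID 13 (value set). the sketch below is an added example, not part of this toolkit; it maps a `TargetObject` / `Details` pair to the technique it corresponds to. the rule labels, the sample events and the baseline table are constructed for illustration.

```python
import re

# Added example (not toolkit code): classify Sysmon Event ID 13 registry writes
# against the registry-backed persistence locations named in the list above.
NT = r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows NT\\CurrentVersion"
RULES = [
    ("run_key", r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$"),
    ("winlogon", NT + r"\\Winlogon\\(?:Shell|Userinit)$"),
    ("ifeo_debugger", NT + r"\\Image File Execution Options\\[^\\]+\\Debugger$"),
    ("appinit_dlls", NT + r"\\Windows\\AppInit_DLLs$"),
    # Assumption: per-user classes may be logged as HKU\<SID>_Classes or HKU\<SID>\Software\Classes.
    ("com_hijack_hkcu", r"^HKU\\[^\\]+(?:_Classes|\\Software\\Classes)\\CLSID\\\{[0-9A-F-]{36}\}\\InprocServer32\\"),
    ("screensaver", r"^HKU\\[^\\]+\\Control Panel\\Desktop\\SCRNSAVE\.EXE$"),
]

# Windows default values for the Winlogon entries; a write that restores them is not a finding.
BASELINE = {"shell": {"explorer.exe"}, "userinit": {r"c:\windows\system32\userinit.exe,"}}

def classify(target_object, details):
    """Return the technique label for one value-set event, or None if benign/unknown."""
    for label, pattern in RULES:
        if re.search(pattern, target_object, re.IGNORECASE):
            value_name = target_object.rsplit("\\", 1)[-1].lower()
            if details.strip().lower() in BASELINE.get(value_name, ()):
                return None
            return label
    return None

def scan(events):
    """Return (label, target_object) for every event that matches a rule."""
    return [(label, target) for target, details in events
            if (label := classify(target, details))]

# Constructed sample events: (TargetObject, Details). SIDs, names and paths are made up.
SID = r"HKU\S-1-5-21-1111-2222-3333-1001"
HKLM_NT = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
EVENTS = [
    (SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater", r"C:\Temp\constructed.exe"),
    (HKLM_NT + r"\Winlogon\Userinit", r"C:\Windows\system32\userinit.exe,"),
    (HKLM_NT + r"\Winlogon\Userinit", r"C:\Windows\system32\userinit.exe,C:\Temp\constructed.exe"),
    (HKLM_NT + r"\Image File Execution Options\example.exe\Debugger", r"C:\Temp\constructed.exe"),
    (SID + r"_Classes\CLSID\{01234567-89AB-CDEF-0123-456789ABCDEF}\InprocServer32\(Default)", r"C:\Temp\constructed.dll"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName", "App"),
]

if __name__ == "__main__":
    for label, target in scan(EVENTS):
        print(f"{label:16} {target}")
```

the non-registry methods (scheduled tasks, services, WMI subscriptions, startup folder, file replacement, ADS) leave different telemetry and are not covered by this sketch.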

build:

    cl /std:c++17 /EHsc install_guard.cpp

needs install_guard.cpp and compat.h.

strictly for authorized security testing. don't install persistence on machines you don't own.