This repository gathers information about Windows persistence mechanisms to make protection and detection more efficient. Most of this information has been well known for years and is actively used in various scenarios.
Expect more. I am doing my best to add new entries each day.
How it works. And how to contribute.
👨💼 HKCU Run and RunOnce registry keys
👨💼 ⚙ Task Scheduler
⚙ Image File Execution Options key
⚙ Natural Language Development Platform 6 DLLs *
⚙ Filter Handlers for Windows Search
👨💼 .chm helper DLL *
⚙ Winlogon Notification Package
👨💼 HKCU Load
⚙ Windows Platform Binary Table
👨💼 Startup Folder
👨💼 User Init Mpr Logon Script *
⚙ Autodial DLL *
⚙ IFilter
Want more? Check the list tomorrow. :)
* Based on research by @Hexacorn, one of the best persistence hunters.
⚙ Turning the computer on is enough to make the code run.
👨💼 An end user can do it.