last-byte / PersistenceSniper

PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

[Feature Request] Hunting persistence in OS Disk images. #10

Closed geekypanda411 closed 1 year ago

geekypanda411 commented 1 year ago

Amazing tool, has helped me multiple times. Thank you for making it. I just had a feature request: while for an active system this tool does wonders, can it be modded to also support disk images of the OS drive? I believe some persistence techniques will be visible work in such a case but still would be a big help for DFIR people dealing with just a device image. Let me know if this is possible/in the works. I can help, although I'm not very good at PowerShell; still, more hands might help.

Again thanks a lot.

geekypanda411 commented 1 year ago

Sorry, didn't see the previous one on the same topic, I have marked this as Not planned.