PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte
Changed three lines of code that do the following:
Support expanding environment variables used in some persistence entries, such as %windir%, which do not get expanded, and signatures are not checked as a result
Regex check for specific file extensions is case sensitive, so ignore case was added
Scheduled task persistence entries did not include command arguments, so those were added to the entry
That's it!
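The three fixes described in this pull request, shown as an added PowerShell example that is not PersistenceSniper's own code. The function names, the extension list and the sample value are assumptions made for illustration.

```powershell
# Added example; not PersistenceSniper's code. Function names and the
# extension list are assumptions made for illustration.
function Resolve-EntryExecutable {
    param([Parameter(Mandatory)][string]$Value)

    # 1. Expand %windir%-style variables. An unexpanded path fails Test-Path,
    #    so the signature check would be skipped without any error.
    $expanded = [Environment]::ExpandEnvironmentVariables($Value)

    # 2. [regex]::Match is case-sensitive unless told otherwise; (?i) lets
    #    .EXE and .Dll match the same way as .exe and .dll.
    $pattern = '(?i)^\s*"?(?<path>[a-z]:\\.+?\.(?:exe|dll|bat|cmd|ps1|vbs))\b"?\s*(?<args>.*)$'
    $m = [regex]::Match($expanded, $pattern)
    if (-not $m.Success) { return $null }

    $path = $m.Groups['path'].Value
    $status = 'FileNotFound'
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $status = (Get-AuthenticodeSignature -LiteralPath $path).Status
    }
    [pscustomobject]@{ Path = $path; Arguments = $m.Groups['args'].Value; Signature = $status }
}

function Get-TaskActionEntry {
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions carry no Execute value; skip them.
            if (-not $action.Execute) { continue }
            # 3. Keep the arguments: for cmd.exe or powershell.exe the binary is
            #    signed and the arguments are what an analyst has to read.
            $entry = Resolve-EntryExecutable -Value ("{0} {1}" -f $action.Execute, $action.Arguments)
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Command   = ("{0} {1}" -f $action.Execute, $action.Arguments).Trim()
                Signature = if ($entry) { $entry.Signature } else { 'Unresolved' }
            }
        }
    }
}

# Constructed sample value: upper-case extension and an unexpanded variable.
Resolve-EntryExecutable -Value '%windir%\System32\CMD.EXE /c "echo test"'
Get-TaskActionEntry | Where-Object Signature -ne 'Valid'
```

Task actions whose Execute value is a bare file name (no drive path) are reported as `Unresolved` here rather than being looked up on the search path.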