Releases: last-byte/PersistenceSniper

PersistenceSniper v1.16.0

31 Mar 19:47

This release implements detections for 2 new persistence techniques (Boot Verification Program Hijacking and App Init DLLs Injection) and fixes a false positive in the Suborner Attack detection, as reported by @strassi.

PersistenceSniper v1.15.1

15 Feb 16:14

This release fixes a gap in the detection of persistences relying on PowerShell. The bug was in the Get-IfSafeExecutable function, which calls the Get-IfLolbin function, which in turn did not list Powershell.exe as a LOLBin.

PersistenceSniper v1.15.0

09 Jan 19:07

This release implements detections for the GhostTask technique.

PersistenceSniper v1.14.0

04 Nov 18:43

This release implements a detection for the DSRM backdoor in Domain Controllers, as well as a fix for a bug in the Parse-NetUser internal function.

PersistenceSniper v1.13.0

05 Oct 22:19

This release implements detection for RID hijacking and the Suborner attack.

PersistenceSniper v1.12.1

12 Aug 13:20

This release implements a fix for the Accessibility Tools persistence detection which, up to 1.12.0, did not look for Utilman.exe hijacking.

PersistenceSniper v1.12.0

22 May 17:03

This release fixes a bug in the OutputCSV parameter, which up to version 1.11.0 would include false positives filtered out by the DiffCSV parameter, and adds support for logging the tool's output to the Windows Event Log, thanks to Antonio Blescia.

PersistenceSniper v1.11.0

05 May 14:52

This release fixes a bug in the CmdAutoRun detection and adds three new detections. Check CHANGELOG.

PersistenceSniper v1.10.1

04 May 18:44
5b56b21

This release fixes a bug in the DiffCSV parameter.

PersistenceSniper v1.9.3

18 Apr 08:02
0bec863

This release adds support for checking artefacts against VirusTotal through its APIs (you need a valid API key) using the -VTApiKey parameter, and implements detections for malicious Office templates.