Question 1

What's the difference between PersistenceSniper and Sysinternals Autoruns?

Accepted Answer

PersistenceSniper is a PowerShell module focused on remote, automated detection of over 60 persistence techniques, some not in Autoruns, while Autoruns is a GUI-based tool better for manual inspection on single machines. PersistenceSniper excels in scalability, but Autoruns offers more user-friendly visuals for detailed analysis.

Question 2

How do I install and run PersistenceSniper on multiple remote machines?

Accepted Answer

Install it via PowerShell Gallery with 'Install-Module PersistenceSniper', then use PowerShell remoting or scripts to execute 'Find-AllPersistence' on target machines. The README recommends reading the Wiki for detailed guidance on remote deployment and result parsing.

Question 3

Which persistence techniques can PersistenceSniper detect that other tools miss?

Accepted Answer

It covers techniques not always in Autoruns, such as those from Hexacorn's 'Beyond good ol' Run key' series, with over 60 methods detailed in the Detections Wiki page. Examples include lesser-known registry keys and file-based persistences that are updated regularly.

Question 4

Is PersistenceSniper free for use in my company's security operations?

Accepted Answer

No, it's licensed under a non-commercial clause of the MIT License, which excludes commercial purposes. You need permission for business deployments, so check the license or contact the maintainers for clarification.

Question 5

How to export PersistenceSniper results to a CSV file?

Accepted Answer

Use PowerShell cmdlets like 'Export-Csv' after running 'Find-AllPersistence', for example: 'Find-AllPersistence | Export-Csv -Path results.csv'. The Wiki likely provides more examples for formatting and automation.

Question 6

Can PersistenceSniper run on Linux or macOS?

Accepted Answer

No, it's a PowerShell module specifically designed for Windows systems, as it relies on Windows-specific APIs and persistence locations. For non-Windows environments, you'd need alternative tools or cross-platform adaptations.

Question 7

How often is PersistenceSniper updated with new detection techniques?

Accepted Answer

It's under active development with new releases coming out weekly, as stated in the README. The maintainers regularly add persistence methods based on research, so update frequently via PowerShell Gallery for the latest features.

PersistenceSniper

What is PersistenceSniper?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions