Demos of various (including non-standard) persistence methods used by malware

hasherezade/persistence_demos

persistence_demos

Demos for the presentation "Wicked malware persistence methods".

  • com_hijack - loads a demo DLL via COM hijacking
  • extension_hijack - hijacks file extension handlers in order to run a demo app when a file with the given extension is opened
  • shim_persist - installs a shim that injects a demo DLL into explorer.exe
  • restricted_directory - drops a PE into a restricted directory (that cannot be accessed or deleted), and launches it
