dgnbelo-secinfo/windows-persistence-scanner

GitHub: dgnbelo-secinfo/windows-persistence-scanner

Stars: 0 | Forks: 0

# Windows Persistence Scanner

PowerShell-based tool to detect common Windows persistence mechanisms used by malware and threat actors.

## Features

* Registry Run Key analysis
* Scheduled Task enumeration
* Service persistence detection
* Startup folder inspection
* WMI persistence indicators (basic check)

## Use Cases

* Threat hunting
* Incident response
* Malware investigation
* SOC endpoint triage

## Persistence Techniques Covered

* Registry Run / RunOnce
* Scheduled Tasks
* Windows Services
* Startup Folder execution
* WMI event subscriptions (basic)

## Skills Demonstrated

* Windows Internals
* Threat Hunting
* Endpoint Security
* PowerShell Automation
* SOC Operations

## Author

Douglas Nunes Belo
Tags: Libemu