A complete hands-on reference of 46 Windows persistence techniques used by real-world APT groups. Each technique includes MITRE ATT&CK TTP mapping, known threat actor attribution, attack commands, verification steps, and cleanup — organized from No-Admin to Admin level. Built for red teamers, malware analysts, and cybersecurity learners.
kernel resource rootkit malware-analysis malware-research bootkit malware-development malware-detection windows-internals malware-persistence windows-internal malware-resources
-
Updated
May 7, 2026 - C