hunting-for-persistence-mechanisms-in-windows
OfficialSystematically identify adversary persistence mechanisms in Windows endpoints.
Authorbalsm-health
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps security professionals proactively identify and respond to adversary persistence mechanisms in Windows endpoints.
Core Features & Use Cases
- Threat Hunting: Detects and analyzes indicators of compromise across various Windows endpoints.
- Persistence Enumeration: Identifies known persistence points such as registry keys, services, scheduled tasks, and WMI subscriptions.
- Data Collection: Collects current persistence artifacts from endpoints using EDR, Sysmon, or Velociraptor.
- Baseline Comparison: Compares collected data against known-good baselines to identify anomalies.
- Investigation and Documentation: Correlates persistence entries with process activity and documents findings for remediation.
- Use Case: Security analysts can use this Skill during threat hunts, post-incident analysis, or during security posture assessments to identify unauthorized persistent software.
Quick Start
Use the hunting-for-persistence-mechanisms-in-windows skill to enumerate registry persistence keys.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferencesassets
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunting-for-persistence-mechanisms-in-windows Download link: https://github.com/balsm-health/Balsm-AI/archive/main.zip#hunting-for-persistence-mechanisms-in-windows Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.