Persistence Mechanisms

Hunting for Scheduled Tasks, Registry Run keys, and WMI subscriptions.

Common Persistence Methods

Persistence ensures malware survives reboots.

Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Scheduled Tasks: schtasks /create

WMI Event Subscriptions: __EventFilter