The repository tries to gather an information about Windows persistence mechanisms to make the protection/detection more efficient. Most of the information is well known for years, being actively used within various scenarios.
Expect more. I am doing my best to add new entries each day.

How it works. And how to contribute.

---

👨‍💼 HKCU Run and RunOnce registry keys

👨‍💼 ⚙ Task Scheduler

⚙ Image File Execution Options key

⚙ Windows Services

AeDebug

WER Debugger *

⚙ Natural Language Development Platform 6 DLLs *

⚙ GPO Client-side Extension

⚙ Filter Handlers for Windows Search

Disk Cleanup Handler

👨‍💼 .chm helper DLL *

hhctrl.ocx *

⚙ AMSI Providers

⚙ ServerLevelPluginDll

Password Filter

Credential Manager DLL

⚙ Authentication Packages

Code Signing DLL

👨‍💼 HKCU cmd.exe AutoRun

⚙ LSA Extension

⚙ Winlogon Notification Package

⚙ Print Monitor

👨‍💼 HKCU Load

MPNotify

⚙ Windows Platform Binary Table

Explorer tools *

👨‍💼 Windows Terminal Profile

👨‍💼 Startup Folder

👨‍💼 User Init Mpr Logon Script *

⚙ Autodial DLL *

.NET Startup Hooks

👨‍💼 PowerShell Profiles

👨‍💼 TS Initial Program

RDP WDS Startup Programs

⚙ IFilter

Recycle Bin COM Extension Handler *

TelemetryController

Monitoring Silent Process Exit

⚙ Desired State Configuration

👨‍💼 Screen Saver

Netsh extension DLL

⚙ Boot Verification Program

👨‍💼 File Extension Hijacking

👨‍💼 Keyboard Shortcut *

Want more? Check the list tomorrow. :)

---

* Based on a research made by @Hexacorn - one of the best persistence hunters.

⚙ It is enough to turn computer on to make the code run.
👨‍💼 End-user can do it.