Project-Iroh: allows for persistence to the operating system


Offensive Windows security tooling that allows for persistence to the operating system. Iroh provides a variety of different persistences and misconfigurations to the system with a couple of class calls. It also allows for a variety of entry points that can be built off of which will allow for the ability to mix and match persistence. This tool is currently in development and will have more features added to it as time goes on.


This tool is not to be used for malicious purposes and should only be used in competition or training environments.

Project Structure

There is a static library that is compiled called Iroh-Library which contains the namespace of all the classes that can be used. As of right now, they contain:

  • IrohUser (Create persistent user)
  • Firewall (Create persistent firewall rules)
  • EnableServices (Enable services that are helpful for remote access)

From your preferred entrypoint you can include the Iroh namespace, include the headers you want to use, and add the functionality you’d like in threads.


#include "../Iroh-Library/Iroh/User.h"

using namespace Iroh;

int main() {

// Initialize the class object
IrohUser irohUser = IrohUser();

// Use setters to set the class variables

// Start the process

return 0;


You can chain multiple classes running together by threading them.


Copyright (c) 2020 Jon