@thor I just read your post. Looks cool. I'm going to try rigging something up. Basic idea is to build out a set of virtual tables in an extension that map 1:1 to the persistence mechanisms captured in the ATT&CK matrix (https://attack.mitre.org/wiki/ATT&CK_Matrix) - AppCert DLLs, AppInit DLLs, etc.