diff --git a/persistence/act-as-share-provider-dll.yml b/persistence/act-as-share-provider-dll.yml
new file mode 100644
index 00000000..b1246326
--- /dev/null
+++ b/persistence/act-as-share-provider-dll.yml
@@ -0,0 +1,22 @@
+rule:
+ meta:
+ name: act as Share Provider DLL
+ namespace: persistence
+ authors:
+ - jakub.jozwiak@mandiant.com
+ scopes:
+ static: file
+ dynamic: file
+ att&ck:
+ - Persistence::Server Software Component [T1505]
+ references:
+ - https://www.hexacorn.com/blog/2018/10/14/how-to-find-new-persistence-tricks/
+ examples:
+ - 7ca4ce02c9d331c2cfdad7329352664c224f02ccfef826a76321831bee1e2191
+ features:
+ - or:
+ - export: ShareProviderInitialize
+ - export: ShareProviderUninitialize
+ - export: ShareProviderShareAdd
+ - export: ShareProviderShareSetInfo
+ - export: ShareProviderShareDel
diff --git a/persistence/act-as-windbg-extension.yml b/persistence/act-as-windbg-extension.yml
new file mode 100644
index 00000000..069c1796
--- /dev/null
+++ b/persistence/act-as-windbg-extension.yml
@@ -0,0 +1,19 @@
+rule:
+ meta:
+ name: act as WinDbg extension
+ namespace: persistence
+ authors:
+ - jakub.jozwiak@mandiant.com
+ scopes:
+ static: file
+ dynamic: file
+ att&ck:
+ - Persistence::Server Software Component [T1505]
+ references:
+ - https://www.codeproject.com/Articles/6522/Debug-Tutorial-Part-4-Writing-WINDBG-Extensions
+ examples:
+ - 36f506a34b99bf4c199b3c9ec8aa02bd631feafdca20e69e33e714c269ddb8c5
+ features:
+ - or:
+ - export: ExtensionApiVersion
+ - export: WinDbgExtensionDllInit
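Review bot: The rule's meta block has no `description`, so an analyst reading a capa report sees only the name "act as Share Provider DLL" and has to follow the Hexacorn link to learn why matching these exports is a persistence indicator; add a one-line `description:` under `meta:` stating that the file implements the Share Provider DLL export interface, which is what lets the DLL be registered and loaded as a persistence mechanism. The `or:` over the five `export:` names means a single export such as `ShareProviderInitialize` is enough to fire, which presumably is intended for coverage but will also match any legitimate provider DLL exposing that interface, so the description should make clear this is a capability match rather than a maliciousness verdict. The same missing-description point applies to the second hunk (act-as-windbg-extension.yml).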
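Review bot: The `att&ck:` mapping `Persistence::Server Software Component [T1505]` looks doubtful for a WinDbg extension, which is a debugger plug-in rather than a server-side component; unless the author has a specific rationale, consider whether a different persistence technique fits better or drop the mapping and keep the `persistence` namespace, which is what the reference actually supports. The two exports `ExtensionApiVersion` and `WinDbgExtensionDllInit` are the standard entry points from the cited CodeProject tutorial, so the rule reads as a capability match for "is loadable as a WinDbg extension"; a `description:` line in `meta:` saying so, e.g. `description: exports the entry points WinDbg requires of an extension DLL, which can be abused to load code when the debugger starts`, would make the report self-explanatory.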