When the shadow brokers released a large number of Equation Group tools in 2017, many researchers jumped on the analysis of EternalBlue, FuzzBunch etc. The exploits of the leak have now been thoroughly analysed and mostly patched, but the works of its persistence tool (Danderspritz) is still widely unknown. In our talk, we are going to break down the Killsuit modules of Danderspritz. Killsuit (KiSu) is a modular post-exploitation persistence and capability mechanism employed in various hacker frameworks including Danderspritz (DdSz).