Windows persistence: Registry Run keys (HKCU/HKLM\Software\Microsoft\Windows\CurrentVersion\Run), Scheduled Tasks, New Services, DLL hijacking, WMI subscriptions, COM hijacking, Browser extension, Startup folder.
Linux persistence: crontab entries, /etc/profile.d/ scripts, systemd services, ~/.bashrc, SSH authorized_keys, setuid binaries. Document ALL persistence mechanisms found during a pen test — clients need to remove them all. Detection: Autoruns (Windows), systemd unit analysis (Linux), crontab review.