EricZimmerman / LECmdLinks
Lnk Explorer Command line edition!!
☆328Updated 9 months ago
Alternatives and similar repositories for LECmd
Users that are interested in LECmd are comparing it to the libraries listed below
Sorting:
- Prefetch Explorer Command Line☆272Updated 9 months ago
- Parses amcache.hve files, but with a twist!☆142Updated 9 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆294Updated 2 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆124Updated 9 months ago
- C# based evtx parser with lots of extras☆329Updated last month
- Event Tracing For Windows (ETW) Resources☆404Updated 2 weeks ago
- Beta versions of my software☆264Updated 4 months ago
- ☆529Updated 4 months ago
- Windows Registry Knowledge Base☆186Updated last week
- Detect and respond to Cobalt Strike beacons using ETW.☆508Updated 3 years ago
- Parses $MFT from NTFS file systems☆268Updated 5 months ago
- Cobalt Strike Beacon configuration extractor and parser.☆157Updated 4 years ago
- $MFT directory tree reconstruction & FILE record info☆314Updated last year
- Commandline low level file extractor for NTFS☆303Updated 6 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆337Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆180Updated 4 months ago
- View ETW Provider manifest☆537Updated 11 months ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆237Updated 11 months ago
- ☆553Updated last year
- The multi-platform memory acquisition tool.☆860Updated last week
- Code and yara rules to detect and analyze Cobalt Strike☆271Updated 4 years ago
- MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR☆678Updated 3 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆248Updated 6 months ago
- Sysmon-Like research tool for ETW☆368Updated 2 years ago
- ☆793Updated 2 years ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆178Updated 8 months ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆584Updated last year
- PowerDecode is a PowerShell-based tool that allows to deobfuscate PowerShell scripts obfuscated across multiple layers. The tool performs…☆212Updated last year
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆466Updated 2 months ago
- Live forensic artifacts collector☆172Updated last year