EricZimmerman / LECmdLinks
Lnk Explorer Command line edition!!
☆320Updated 7 months ago
Alternatives and similar repositories for LECmd
Users that are interested in LECmd are comparing it to the libraries listed below
Sorting:
- Prefetch Explorer Command Line☆261Updated 7 months ago
- Parses amcache.hve files, but with a twist!☆140Updated 7 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆287Updated last year
- Beta versions of my software☆260Updated 2 months ago
- C# based evtx parser with lots of extras☆318Updated last month
- Event Tracing For Windows (ETW) Resources☆395Updated 10 months ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆122Updated 7 months ago
- Detect and respond to Cobalt Strike beacons using ETW.☆508Updated 3 years ago
- Cobalt Strike Beacon configuration extractor and parser.☆155Updated 4 years ago
- ☆522Updated 2 months ago
- Encyclopedia for Executables☆449Updated 3 years ago
- Parses $MFT from NTFS file systems☆256Updated 3 months ago
- Code and yara rules to detect and analyze Cobalt Strike☆269Updated 4 years ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆335Updated 2 years ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆174Updated 2 months ago
- Threat Intel IoCs + bits and pieces of dark matter☆412Updated 2 months ago
- Windows Registry Knowledge Base☆180Updated 10 months ago
- $MFT directory tree reconstruction & FILE record info☆310Updated 10 months ago
- Detection in the form of Yara, Snort and ClamAV signatures.☆237Updated 9 months ago
- Extracted Yara rules from Windows Defender mpavbase and mpasbase☆455Updated 2 weeks ago
- Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)☆583Updated last year
- ☆549Updated last year
- RDP Bitmap Cache parser☆564Updated 7 months ago
- ☆782Updated 2 years ago
- View ETW Provider manifest☆526Updated 9 months ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆247Updated 4 months ago
- Commandline low level file extractor for NTFS☆296Updated 6 years ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆217Updated 2 years ago
- Live forensic artifacts collector☆170Updated last year
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago