EricZimmerman / LECmdLinks
Lnk Explorer Command line edition!!
☆317Updated 6 months ago
Alternatives and similar repositories for LECmd
Users that are interested in LECmd are comparing it to the libraries listed below
Sorting:
- Parses amcache.hve files, but with a twist!☆140Updated 6 months ago
- Prefetch Explorer Command Line☆261Updated 6 months ago
- RdpCacheStitcher is a tool that supports forensic analysts in reconstructing useful images out of RDP cache bitmaps.☆283Updated last year
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆122Updated 6 months ago
- Beta versions of my software☆259Updated last month
- Detect and respond to Cobalt Strike beacons using ETW.☆504Updated 3 years ago
- C# based evtx parser with lots of extras☆316Updated last month
- Cobalt Strike Beacon configuration extractor and parser.☆154Updated 3 years ago
- Event Tracing For Windows (ETW) Resources☆393Updated 10 months ago
- Windows Registry Knowledge Base☆177Updated 9 months ago
- ☆520Updated last month
- $MFT directory tree reconstruction & FILE record info☆307Updated 9 months ago
- A repository that maps commonly used attacks using MSRPC protocols to ATT&CK☆333Updated 2 years ago
- Parses $MFT from NTFS file systems☆253Updated 2 months ago
- MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner.☆214Updated 2 years ago
- Encyclopedia for Executables☆447Updated 3 years ago
- Commandline low level file extractor for NTFS☆294Updated 6 years ago
- RDP Bitmap Cache parser☆549Updated 6 months ago
- Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles☆173Updated last month
- Detection in the form of Yara, Snort and ClamAV signatures.☆232Updated 9 months ago
- ☆547Updated last year
- Code and yara rules to detect and analyze Cobalt Strike☆269Updated 4 years ago
- Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR☆245Updated 4 months ago
- Sysmon EDR POC Build within Powershell to prove ability.☆226Updated 4 years ago
- Live forensic artifacts collector☆168Updated last year
- ☆778Updated 2 years ago
- Parser for $LogFile on NTFS☆199Updated 2 months ago
- View ETW Provider manifest☆520Updated 9 months ago
- Sysmon-Like research tool for ETW☆357Updated 2 years ago
- Project for identifying executables that have command-line options that can be obfuscated, possibly bypassing detection rules.☆177Updated 6 months ago