abelcheung / rifiuti2
Windows Recycle Bin analyser
☆146 · Updated 2 weeks ago
Alternatives and similar repositories for rifiuti2:
Users who are interested in rifiuti2 are comparing it to the repositories listed below:
- Remove individual lines from Windows XML Event Log (EVTX) files (☆267 · Updated 4 years ago)
- Allows you to quickly query a Windows machine for RAM artifacts (☆221 · Updated 4 years ago)
- Dump various types of Windows credentials without injecting in any process. (☆427 · Updated 2 years ago)
- Digital forensic acquisition tool for Windows based incident response. (☆338 · Updated 11 months ago)
- Windows Shortcut file (LNK) parser (☆134 · Updated 2 years ago)
- Parser for $UsnJrnl on NTFS (☆110 · Updated 2 years ago)
- Cross-platform, open-source shellbag parser (☆150 · Updated 2 years ago)
- exe2powershell - exe2bat reborn for modern Windows (☆172 · Updated 4 years ago)
- PowerShell script for enumerating vulnerable DCOM Applications (☆257 · Updated 6 years ago)
- Command-line low level file extractor for NTFS (☆285 · Updated 5 years ago)
- Active Directory forensic framework (☆323 · Updated 3 years ago)
- A PoC WMI backdoor presented at Black Hat 2015 (☆273 · Updated 9 years ago)
- A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs. (☆170 · Updated 2 months ago)
- Remote Command Executor: An OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :) (☆346 · Updated 7 years ago)
- Parse evtx files and detect use of the DanderSpritz eventlogedit module (☆148 · Updated 7 years ago)
- Windows Credentials Editor v1.3beta (☆109 · Updated 5 years ago)
- The oledump-contrib repository contains plugins and enhancements for the oledump tool published by Didier Stevens. (☆52 · Updated 8 years ago)
- Windows 10 LPE (UAC Bypass) in Windows Store (WSReset.exe) (☆264 · Updated 5 years ago)
- A tool to make it easy and fast to test various forms of injection (☆173 · Updated 5 years ago)
- This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to … (☆108 · Updated 5 years ago)
- Netview enumerates systems using WinAPI calls (☆295 · Updated 3 years ago)
- APT34/OILRIG leak (☆231 · Updated 6 years ago)
- Windows RID Hijacking persistence technique (☆174 · Updated 5 months ago)
- Binaries, PowerShell scripts and information about Digital Signature Hijacking. (☆215 · Updated 7 years ago)
- Uses Invoke-Shellcode to execute a payload and persist on the system. (☆113 · Updated 8 years ago)
- Windows DPAPI laboratory (☆91 · Updated 7 years ago)
- 🚀AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitima… (☆270 · Updated 3 months ago)
- This project is just a dumping ground for random scripts I've developed. (☆139 · Updated 8 months ago)
- A list of ways to execute code on Windows using legitimate Windows tools (☆307 · Updated 5 years ago)