herrcore / LocalShellExtParse
Script to parse first load time for Shell Extensions loaded by user. Also enumerates all loaded Shell Extensions that are only installed for the Current User.
☆20Updated 9 years ago
Alternatives and similar repositories for LocalShellExtParse:
Users that are interested in LocalShellExtParse are comparing it to the libraries listed below
- Remote timing attack exploit against most Zeus/Zbot variants including Citadel, Ice9, Zeus 2.3, KINS/ZeusVM etc..☆24Updated 9 years ago
- POC for IAT Parsing Payloads☆48Updated 8 years ago
- Volatility Plugins☆21Updated 9 years ago
- Extract unencrypted SSH keys from pageant memory dump☆15Updated 9 years ago
- Tools to enumerate Windows Firewall Hook Drivers on Windows 2000, XP and 2003☆20Updated 10 years ago
- officefileinfo is a python script to help analyse the newer Microsoft Office file formats. There are numerous tools for dealing with the …☆16Updated 8 years ago
- This script is used for extracting DDE in docx and xlsx☆12Updated 7 years ago
- PAC HTTPS leak demo from DEF CON 24 'Toxic Proxies' talk☆30Updated 8 years ago
- McAfee ePolicy 0wner exploit code☆46Updated 6 years ago
- Volatility Plugin to scan for shimmed processes in Windows☆10Updated 9 years ago
- ☆16Updated 10 years ago
- Work Fast With the pattern matching swiss knife for malware researchers.☆38Updated 9 years ago
- Resolves DLL API entrypoints for a process w/ remote query capabilities.☆55Updated 7 years ago
- Scan web server for known webshell names and responses☆50Updated 8 years ago
- a collection of yara rules for binary analysis☆24Updated 7 years ago
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi…☆49Updated 7 years ago
- Exploit Reliability Testing System☆34Updated 10 years ago
- A tool to generate yara signatures from function blocks☆19Updated 10 years ago
- Tool for dropping malware from EK☆40Updated 7 years ago
- Fileless SQL Server CLR-based Custom Stored Procedure Command Execution☆35Updated 8 years ago
- ☆10Updated 9 years ago
- API functions for Malware Research☆35Updated 5 years ago
- Royal APT - APT15 - Related Information from NCC Group Cyber Defense Operations Research☆53Updated 7 years ago
- A Windows REG file to enable all default PowerShell logging on a system with PowerShell v5 installed☆16Updated 8 years ago
- library to decode/parse zeus-like configuration files☆29Updated 7 years ago
- Environmental (and http) keying for scripting languages☆39Updated 6 years ago
- Basic file metadata gathering script☆21Updated last week
- Server for receiving autorun data from the clients☆13Updated 7 years ago
- Portable utility to check if a machine has been infected by Shamoon2☆15Updated 8 years ago
- Multiple rules for yara-project for detect compiler/packer/protector☆33Updated 5 years ago