p0w3rsh3ll / AutoRuns
AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
☆251, updated 5 months ago
Related projects:
- (☆246, updated 4 months ago)
- Sysmon Tools for PowerShell (☆229, updated 6 years ago)
- Module to provide PowerShell functions that abstract Win32 API functions (☆236, updated 3 months ago)
- Executes PowerShell from an unmanaged process (☆466, updated 8 years ago)
- Log newly created WMI consumers and processes to the Windows Application event log (☆123, updated 6 years ago)
- Some PowerShell Stuff (☆281, updated 2 years ago)
- PowerShell Obfuscation Detection Framework (☆719, updated 9 months ago)
- PowerShell module for creating and managing Sysinternals Sysmon config files. (☆207, updated 3 years ago)
- Detect and abuse risky SPNs (☆259, updated 7 years ago)
- Parses amcache.hve files, but with a twist! (☆115, updated 2 weeks ago)
- Prefetch Explorer Command Line (☆209, updated last week)
- NetSPI PowerShell Scripts (☆321, updated 8 months ago)
- PowerShell module for Mimikatz (☆209, updated 4 years ago)
- PowerSCCM - PowerShell module to interact with SCCM deployments (☆332, updated 2 years ago)
- Lnk Explorer Command line edition!! (☆261, updated 3 months ago)
- Easily define in-memory enums, structs, and Win32 functions in PowerShell (☆215, updated 5 years ago)
- PowerShell Module to interact with VirusTotal (☆115, updated 4 years ago)
- PowerShell Threat Hunting Module (☆274, updated 7 years ago)
- C# based evtx parser with lots of extras (☆266, updated 2 weeks ago)
- zBang is a risk assessment tool that detects potential privileged account threats (☆333, updated 2 years ago)
- This repo is for WMIOps, a PowerShell script which uses WMI for various purposes across a network. (☆381, updated 2 months ago)
- Commandline low level file extractor for NTFS (☆272, updated 5 years ago)
- SysmonX - An Augmented Drop-In Replacement of Sysmon (☆206, updated 5 years ago)
- PowerShell Remote Download Cradle Generator & Obfuscator (☆817, updated 6 years ago)
- (☆415, updated last year)
- A PowerShell module to deploy active directory decoy objects. (☆220, updated 4 years ago)
- Digital forensic acquisition tool for Windows based incident response. (☆328, updated 4 months ago)
- PowerShell script for deobfuscating encoded PowerShell scripts (☆416, updated 3 years ago)
- (☆293, updated 4 years ago)
- (☆251, updated 2 years ago)