p0w3rsh3ll / AutoRuns
AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
★272 · Updated 4 months ago
Alternatives and similar repositories for AutoRuns
Users that are interested in AutoRuns are comparing it to the libraries listed below
- ★258 · Updated 6 months ago
- Module to provide PowerShell functions that abstract Win32 API functions ★247 · Updated 11 months ago
- Log newly created WMI consumers and processes to the Windows Application event log ★124 · Updated 7 years ago
- Digital forensic acquisition tool for Windows based incident response. ★341 · Updated last year
- Some PowerShell Stuff ★281 · Updated 2 years ago
- Executes PowerShell from an unmanaged process ★489 · Updated 9 years ago
- PowerShell Obfuscation Detection Framework ★735 · Updated last year
- Sysmon Tools for PowerShell ★229 · Updated 6 years ago
- Detect and abuse risky SPNs ★262 · Updated 7 years ago
- zBang is a risk assessment tool that detects potential privileged account threats ★340 · Updated 2 years ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShell ★223 · Updated 6 years ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Admins ★801 · Updated 5 years ago
- ★428 · Updated 2 years ago
- PowerShell module for Mimikatz ★212 · Updated 5 years ago
- PowerShell Module to interact with VirusTotal ★120 · Updated 5 years ago
- Parses amcache.hve files, but with a twist! ★135 · Updated 4 months ago
- Active Directory forensic framework ★324 · Updated 3 years ago
- Not PowerShell ★446 · Updated 8 years ago
- Windows Registry Knowledge Base ★174 · Updated 7 months ago
- PowerSCCM - PowerShell module to interact with SCCM deployments ★360 · Updated 3 years ago
- A PowerShell module to deploy active directory decoy objects. ★229 · Updated 5 years ago
- C# based evtx parser with lots of extras ★308 · Updated last month
- SysmonX - An Augmented Drop-In Replacement of Sysmon ★215 · Updated 5 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files. ★208 · Updated 4 years ago
- Commandline low level file extractor for NTFS ★287 · Updated 5 years ago
- NetSPI PowerShell Scripts ★333 · Updated 4 months ago
- Prefetch Explorer Command Line ★256 · Updated 4 months ago
- ★257 · Updated 2 years ago
- Sysmon EDR POC Build within Powershell to prove ability. ★224 · Updated 4 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… ★653 · Updated 5 years ago