p0w3rsh3ll / AutoRunsLinks
πAutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
β274Updated 5 months ago
Alternatives and similar repositories for AutoRuns
Users that are interested in AutoRuns are comparing it to the libraries listed below
Sorting:
- β258Updated 6 months ago
- Executes PowerShell from an unmanaged processβ491Updated 9 years ago
- Lnk Explorer Command line edition!!β310Updated 5 months ago
- PowerShell Obfuscation Detection Frameworkβ740Updated last year
- Module to provide PowerShell functions that abstract Win32 API functionsβ247Updated last year
- Sysmon Tools for PowerShellβ229Updated 6 years ago
- Commandline low level file extractor for NTFSβ290Updated 5 years ago
- Log newly created WMI consumers and processes to the Windows Application event logβ124Updated 7 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files.β209Updated 4 years ago
- Some PowerShell Stuffβ281Updated 3 years ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShellβ223Updated 6 years ago
- Detect and abuse risky SPNsβ262Updated 8 years ago
- Prefetch Explorer Command Lineβ258Updated 5 months ago
- Digital forensic acquisition tool for Windows based incident response.β342Updated last year
- Parses amcache.hve files, but with a twist!β136Updated 5 months ago
- β772Updated 2 years ago
- PowerShell script for deobfuscating encoded PowerShell scriptsβ424Updated 4 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10β118Updated 5 months ago
- Windows Registry Knowledge Baseβ175Updated 8 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmonβ215Updated 5 years ago
- PowerShell module for Mimikatzβ212Updated 5 years ago
- β350Updated 4 years ago
- β519Updated 2 weeks ago
- PowerShell Module to interact with VirusTotalβ121Updated 5 years ago
- Sysmon EDR POC Build within Powershell to prove ability.β225Updated 4 years ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Adminsβ801Updated 5 years ago
- A PowerShell module to deploy active directory decoy objects.β231Updated 5 years ago
- β304Updated 4 years ago
- PowerShell Remote Download Cradle Generator & Obfuscatorβ840Updated 7 years ago
- PowerSCCM - PowerShell module to interact with SCCM deploymentsβ362Updated 3 years ago