p0w3rsh3ll / AutoRuns
AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
☆275 · Updated 6 months ago
Alternatives and similar repositories for AutoRuns
Users that are interested in AutoRuns are comparing it to the libraries listed below
- ☆259 · Updated 8 months ago
- Sysmon Tools for PowerShell ☆230 · Updated 6 years ago
- Module to provide PowerShell functions that abstract Win32 API functions ☆248 · Updated last year
- Some PowerShell Stuff ☆281 · Updated 3 years ago
- Log newly created WMI consumers and processes to the Windows Application event log ☆124 · Updated 7 years ago
- Digital forensic acquisition tool for Windows based incident response. ☆344 · Updated last year
- PowerShell Module to interact with VirusTotal ☆121 · Updated 5 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files. ☆213 · Updated 4 years ago
- PowerSCCM - PowerShell module to interact with SCCM deployments ☆363 · Updated 3 years ago
- Parses amcache.hve files, but with a twist! ☆140 · Updated 6 months ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShell ☆224 · Updated 6 years ago
- PowerShell Obfuscation Detection Framework ☆740 · Updated last year
- PowerShell module for Mimikatz ☆213 · Updated 5 years ago
- Commandline low level file extractor for NTFS ☆294 · Updated 6 years ago
- PowerShell script for deobfuscating encoded PowerShell scripts ☆425 · Updated 4 years ago
- Prefetch Explorer Command Line ☆261 · Updated 6 months ago
- Detect and abuse risky SPNs ☆263 · Updated 8 years ago
- zBang is a risk assessment tool that detects potential privileged account threats ☆340 · Updated 3 years ago
- Remote Command Executor: An OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :) ☆353 · Updated 7 years ago
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL) ☆159 · Updated 2 years ago
- C# based evtx parser with lots of extras ☆316 · Updated last month
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10 ☆122 · Updated 6 months ago
- NetSPI PowerShell Scripts ☆334 · Updated 6 months ago
- ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills. ☆135 · Updated 6 years ago
- Powershell Threat Hunting Module ☆284 · Updated 8 years ago
- A PowerShell module to deploy active directory decoy objects. ☆233 · Updated 5 years ago
- ☆304 · Updated 4 years ago
- Lists of sources and utilities utilized to hunt, detect and prevent evildoers. ☆166 · Updated 6 years ago
- Windows 10 (v1803+) ActivitiesCache.db parsers (SQLite, PowerShell, .EXE) ☆189 · Updated 2 years ago
- ☆427 · Updated 2 years ago