πAutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
β289Jan 5, 2025Updated last year
Alternatives and similar repositories for AutoRuns
Users that are interested in AutoRuns are comparing it to the libraries listed below
Sorting:
- Python script for analyis of the "Trust.csv" file generated by Veil PowerView. Provides graph based analysis and output.β121Aug 18, 2020Updated 5 years ago
- Gives context to a system. Uses EQGRP shadow broker leaked list to give some descriptions to processes.β47Jun 5, 2017Updated 8 years ago
- Generates anti-sandbox analysis HTA files without payloadsβ120Mar 16, 2017Updated 8 years ago
- POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's sβ¦β105Jul 2, 2017Updated 8 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.β103Nov 17, 2020Updated 5 years ago
- A JavaScript and VBScript Based Empire Launcher, which runs within their own embedded PowerShell Host.�β321Jun 5, 2017Updated 8 years ago
- PowerForensics provides an all in one platform for live disk forensic analysisβ1,428Nov 16, 2023Updated 2 years ago
- Custom scripts released for BSidesDC 2016β14Oct 19, 2016Updated 9 years ago
- PowerShell module to play with Kerberos S4U extensionsβ52Apr 2, 2017Updated 8 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.β388Jun 25, 2024Updated last year
- β67Dec 19, 2018Updated 7 years ago
- Powershell module to assist in attacking Exchange/Outlook Web Accessβ182Sep 22, 2016Updated 9 years ago
- Automated, Collection, and Enrichment Platformβ324Nov 14, 2019Updated 6 years ago
- Random Toolsβ850Oct 20, 2022Updated 3 years ago
- Currently not updated for WMIEvent module...β262Feb 23, 2016Updated 10 years ago
- PowerShell Scripts focused on Post-Exploitation Capabilitiesβ319Dec 29, 2017Updated 8 years ago
- Exploit the credentials present in files and memoryβ842May 25, 2023Updated 2 years ago
- Executes common PowerSploit Powerview functions then combines output into a spreadsheet for easy analysis.β70Jul 26, 2018Updated 7 years ago
- Collection of PowerShell scriptsβ450Dec 18, 2017Updated 8 years ago
- Fileless SQL Server CLR-based Custom Stored Procedure Command Executionβ35Mar 6, 2017Updated 8 years ago
- In case you didn't now how to restore the user password after a password reset (get the previous hash with DCSync)β168Jun 8, 2017Updated 8 years ago
- Windows PowerShell domain scanning toolβ54Apr 23, 2016Updated 9 years ago
- Powershell VNC injectorβ341Jun 29, 2020Updated 5 years ago
- DNSDelivery provides delivery and in memory execution of shellcode or .Net assembly using DNS requests delivery channel.β145Oct 6, 2019Updated 6 years ago
- PoC: process watcher patterns to make killing a process hard.β11Aug 1, 2018Updated 7 years ago
- Invoke-LiveResponseβ150Feb 22, 2022Updated 4 years ago
- Port of eternal blue exploits to powershellβ151Jun 3, 2017Updated 8 years ago
- PowerShell Empire module for logging USB keystrokes via ETWβ32Nov 11, 2016Updated 9 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across alβ¦β658Aug 19, 2019Updated 6 years ago
- Search for categorized domainβ453Jan 15, 2019Updated 7 years ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Adminsβ826Sep 9, 2019Updated 6 years ago
- C# Targeted Attack Reconnissance Toolsβ120Jan 11, 2021Updated 5 years ago
- A .NET tool that uses AppDomain's to enable dynamic execution and escape detection.β29Nov 25, 2019Updated 6 years ago
- A PowerShell based utility for the creation of malicious Office macro documents.β1,109Nov 3, 2017Updated 8 years ago
- A Bring Your Own Land Toolkit that Doubles as a WMI Providerβ289Oct 31, 2018Updated 7 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted daβ¦β493Jul 29, 2017Updated 8 years ago
- PowerView menu for Cobalt Strikeβ70Mar 22, 2018Updated 7 years ago
- LyncSniper: A tool for penetration testing Skype for Business and Lync deploymentsβ307Jul 3, 2020Updated 5 years ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShellβ228Oct 14, 2018Updated 7 years ago