p0w3rsh3ll / AutoRuns
AutoRuns is a PowerShell module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence.
★267 · Updated 2 months ago
Alternatives and similar repositories for AutoRuns:
Users that are interested in AutoRuns are comparing it to the libraries listed below
- Sysmon Tools for PowerShell · ★229 · Updated 6 years ago
- ★256 · Updated 4 months ago
- Digital forensic acquisition tool for Windows based incident response. · ★338 · Updated 10 months ago
- Some PowerShell Stuff · ★282 · Updated 2 years ago
- Parses amcache.hve files, but with a twist! · ★130 · Updated 2 months ago
- Lnk Explorer Command line edition!! · ★295 · Updated 2 months ago
- Executes PowerShell from an unmanaged process · ★486 · Updated 9 years ago
- Module to provide PowerShell functions that abstract Win32 API functions · ★243 · Updated 9 months ago
- PowerShell module for Mimikatz · ★212 · Updated 5 years ago
- Log newly created WMI consumers and processes to the Windows Application event log · ★124 · Updated 7 years ago
- Detect and abuse risky SPNs · ★260 · Updated 7 years ago
- PowerShell Obfuscation Detection Framework · ★730 · Updated last year
- Prefetch Explorer Command Line · ★250 · Updated 2 months ago
- Commandline low level file extractor for NTFS · ★284 · Updated 5 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10 · ★116 · Updated 2 months ago
- PowerShell script for deobfuscating encoded PowerShell scripts · ★425 · Updated 4 years ago
- A PowerShell module to deploy active directory decoy objects. · ★226 · Updated 5 years ago
- Active Directory forensic framework · ★324 · Updated 3 years ago
- ★427 · Updated last year
- Windows Registry Knowledge Base · ★173 · Updated 5 months ago
- C# based evtx parser with lots of extras · ★296 · Updated 2 weeks ago
- Easily define in-memory enums, structs, and Win32 functions in PowerShell · ★222 · Updated 6 years ago
- ★302 · Updated 4 years ago
- PowerSCCM - PowerShell module to interact with SCCM deployments · ★353 · Updated 3 years ago
- Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :) · ★346 · Updated 7 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files. · ★207 · Updated 4 years ago
- Powershell Threat Hunting Module · ★283 · Updated 8 years ago
- ★350 · Updated 4 years ago
- NetSPI PowerShell Scripts · ★330 · Updated 2 months ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon · ★214 · Updated 5 years ago