AutoRuns
Autoruns detector
Provides tools to detect and enumerate autorun entries and their associated files on Windows systems.
🚀 AutoRuns is a PowerShell module that helps with live incident response by enumerating autorun artifacts that both legitimate programs and malware may use to achieve persistence.
258 stars
16 watching
46 forks
Language: PowerShell
Last commit: 9 months ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
3coresec/automata | Automated tool to detect errors in security monitoring and measure effectiveness of SIEM rules against various behaviors. | 53 |
experience-monks/detect-audio-autoplay | A tool to determine browser support for auto-playing audio | 14 |
exeinfoasl/asl | An executable file detector software that identifies packers, protectors, compilers, .NET obfuscators, and other types of malware or unwanted code. | 772 |
mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
last-byte/persistencesniper | Automated detection of malicious persistence techniques in Windows machines. | 1,930 |
horsicq/nauz-file-detector | Identifies and determines properties of executable files using various analysis techniques | 531 |
t0pcyber/hawk | A PowerShell-based tool to gather information on O365 intrusions and potential breaches. | 722 |
logrhythm-labs/pie | A framework that detects and responds to phishing attacks by analyzing email contents, attachments, and links. | 180 |
airbnb/binaryalert | Real-time malware detection and alert system for AWS S3 files | 1,415 |
rajiv2790/falconeye | A real-time detection software for Windows process injections | 291 |
xhargh/macropadapplicationdetector | Detects the active window on your computer and sends its name to a specialized device so it can automatically change to the correct macro. | 9 |
gfoss/psrecon | Automates data collection and forensic analysis from remote Windows hosts using PowerShell | 479 |
darkoperator/posh-virustotal | A PowerShell module for interacting with the VirusTotal API to analyze suspicious files and URLs. | 119 |
business-science/anomalize | A package providing functions to decompose and detect anomalies in time series data | 339 |
ajmartel/irtriage | Automated incident response tool for collecting critical system information during forensic analysis of Windows systems. | 130 |