AutoRuns
Autoruns detector
Provides tools to detect and enumerate autorun entries and their associated files on Windows systems.
🚀 AutoRuns is a PowerShell module that helps with live incident response by enumerating autorun artifacts that may be used by legitimate programs as well as malware to achieve persistence.
256 stars
16 watching
46 forks
Language: PowerShell
last commit: 7 months ago
Linked from 1 awesome list
Related projects:
Repository | Description | Stars |
---|---|---|
3coresec/automata | Automated tool to detect errors in security monitoring and measure effectiveness of SIEM rules against various behaviors. | 50 |
experience-monks/detect-audio-autoplay | A tool to determine browser support for auto-playing audio | 14 |
exeinfoasl/asl | A tool that analyzes and detects various packers, compilers, protectors, and obfuscators used in Windows executables. | 758 |
mhaggis/hunt-detect-prevent | A collection of resources and tools for detecting and preventing malicious activity on Windows systems. | 162 |
last-byte/persistencesniper | A tool for detecting and identifying malware persistence techniques on Windows machines using PowerShell | 1,911 |
horsicq/nauz-file-detector | Identifies and determines properties of executable files using various analysis techniques | 525 |
t0pcyber/hawk | A PowerShell-based tool designed to facilitate forensic analysis in O365 environments by gathering and organizing relevant data. | 708 |
logrhythm-labs/pie | A framework that detects and responds to phishing attacks by analyzing email contents, attachments, and links. | 180 |
airbnb/binaryalert | Real-time malware detection and alert system for AWS S3 files | 1,409 |
rajiv2790/falconeye | A real-time detection software for Windows process injections | 290 |
xhargh/macropadapplicationdetector | Detects the active window on your computer and sends its name to a specialized device so it can automatically change to the correct macro. | 9 |
gfoss/psrecon | Automates data collection and forensic analysis from remote Windows hosts using PowerShell | 479 |
darkoperator/posh-virustotal | A PowerShell module for interacting with the VirusTotal API to analyze suspicious files and URLs. | 119 |
business-science/anomalize | A package providing functions to decompose and detect anomalies in time series data | 339 |
ajmartel/irtriage | Automated incident response tool for collecting critical system information during forensic analysis of Windows systems. | 130 |