Tagged: empire

[Forensics] NorkNork: Powershell Empire Persistence finder

NorkNork – Tool for identifying Empire persistence payloads This script was designed to identify Powershell Empire persistence payloads on Windows systems. It currently supports checks for these persistence methods: Scheduled...