Tagged: powershell

WMI_Forensics: find evidence in WMI repositories

This repository contains scripts used to find evidence in WMI repositories, specifically OBJECTS.DATA files located at C:\WINDOWS\system32\wbem\Repository\OBJECTS.DATA and C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA. CCM_RUA_Finder.py: CCM_RUA_finder.py extracts SCCM software metering RecentlyUsedApplication logs from OBJECTS.DATA files. Usage: The output...

Invoke-Vnc: PowerShell VNC injector

Invoke-Vnc executes a VNC agent in-memory and initiates a reverse connection, or binds to a specified port. Password authentication is supported. Execute agent remotely via WMI: If you have authenticated access (password, NT hash...

Red Team PowerShell Scripts

Use PowerShell to manage domain users

In a domain environment, you often need to manage domain users from the command line. For this you can use the Active Directory command-line tools Dsquery.exe, or CSVDE and Ldifde; in fact, the use of...