PolarBearGod

Results 6 comments of PolarBearGod

Here is a repo that has this completed already: https://github.com/Schillings/SwordPhish

For anyone following this, there is going to be a talk at the SANS DFIR Summit presenting this. https://www.sans.org/event/digital-forensics-summit-2020/summit-agenda

Which Autoruns are you running? The Fire and Forget modules or the one created by Dave?

Some Windows 8+ modules are CDXML based. They can’t be made available on Windows 7 because the underlying WMI classes aren’t available; NetTCPIP is one of those modules. Here is...

Tracked this issue down. In the 1_Download-src.ps1 file, SQLServer2016-SSEI-Expr.exe is sourced from an **ad network redirect**: `$AppList += ,@('SQLServer2016-SSEI-Expr.exe', "$DownloadFolder\Sql", 'https://ib.adnxs.com/seg?add=1&redir=https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkID%3D799012')`. For anyone else curious, adnxs.com is an...

Just following this repo but was curious: The post operation uses Gnome Screenshot which is not universal across all *nix desktop environments - is there any particular reason to add...