joeavanzato / Trawler
PowerShell script to help Incident Responders discover potential adversary persistence mechanisms.
MIT License, 306 stars, 32 forks
Script level todos #68
Open
baileydauterman opened 3 days ago

baileydauterman commented 3 days ago
[ ] JSON Detection Output to easily encapsulate more details
[ ] Non-Standard Service/Task running as/created by Local Administrator
[ ] Browser Extension Analysis
[ ] Temporary RID Hijacking
[ ] ntshrui.dll - https://www.mandiant.com/resources/blog/malware-persistence-windows-registry
[ ] Add file metadata for detected files (COM/DLL Hijacks, etc)
[ ] Add more suspicious paths for running processes
[ ] Iterate through HKEY_USERS when encountering HKEY_CURRENT_USER hive reference
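The last item above asks that a check written against HKEY_CURRENT_USER be applied to every user on the host. The following is an added PowerShell example of that expansion, not Trawler's own code: it takes an HKCU-relative sub-key, walks each loaded hive under HKEY_USERS, and returns the values found, tagged with the owning SID and (where resolvable) account name. The function name, the hive-filtering rules and the Run-key path used in the usage call are assumptions for illustration.

```powershell
# Added example (not Trawler's code): expand an HKCU-relative registry path to
# every loaded user hive under HKEY_USERS, so a persistence check written against
# HKCU covers all logged-on users rather than only the account running the script.
# Function name, hive filters and the sample path are assumptions for illustration.

function Get-RegistryValuesForAllUsers {
    [CmdletBinding()]
    param(
        # Sub-key as it would appear under HKCU,
        # e.g. Software\Microsoft\Windows\CurrentVersion\Run
        [Parameter(Mandatory)]
        [string]$HkcuRelativePath
    )

    # Each child of HKEY_USERS is a loaded hive named by SID. Skip the *_Classes
    # hives (they back HKCU\Software\Classes, not a separate user) and .DEFAULT,
    # which is the default profile rather than a real account.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' -and $_.PSChildName -ne '.DEFAULT' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName

        # Best-effort SID -> account name. SIDs that cannot be translated
        # (deleted accounts, domain accounts with no reachable DC) keep the raw SID.
        $account = try {
            ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { $sid }

        $keyPath = "Registry::HKEY_USERS\$sid\$HkcuRelativePath"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
        if (-not $props) { continue }

        # Get-ItemProperty adds PSPath/PSParentPath/... note properties;
        # drop those so only the registry values themselves are reported.
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object {
                [PSCustomObject]@{
                    SID     = $sid
                    Account = $account
                    Key     = "HKEY_USERS\$sid\$HkcuRelativePath"
                    Name    = $_.Name
                    Value   = $_.Value
                }
            }
    }
}

# Usage: review the per-user Run key for every loaded profile.
Get-RegistryValuesForAllUsers -HkcuRelativePath 'Software\Microsoft\Windows\CurrentVersion\Run' |
    Format-Table -AutoSize
```

One caveat for responders: HKEY_USERS only contains hives that are currently loaded, so profiles of users who are not logged on are not covered by this walk. Reaching those requires loading each profile's NTUSER.DAT separately, which the example above does not attempt.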
baileydauterman commented 3 days ago
Remove list of TODOs from the script so they can be tracked