Trawler - PowerShell Script To Help Incident Responders Discover Adversary Persistence Mechanisms
KitPloit - PenTest Tools! www.kitploit.com
Dredging Windows for Persistence
What is it?
Trawler is a PowerShell script designed to help Incident Responders discover potential indicators of compromise on Windows hosts, primarily focused on persistence mechanisms including Scheduled Tasks, Services, Registry Modifications, Startup Items, Binary Modifications and more.
Currently, Trawler can detect most of the persistence techniques specifically called out by MITRE and Atomic Red Team, with more detections being added on a regular basis.
Main Features
- Scanning Windows OS for a variety of persistence techniques …