Jesse secabstraction
secabstraction
/ Get-ProcessTrace.ps1
Last active
September 27, 2015 04:06
Trace the threads of a process, "mini-dbg" RDI detection
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ProcessTrace { | |
| <# | |
| .SYNOPSIS | |
| Walks thread stacks of specified process(es) to help identify dll injection. | |
| .DESCRIPTION | |
| This commandlet uses Windows Remote Management to trace the threads of specified process(es) of remote machines. | |
| .PARAMETER ComputerName | |
| Specify the hostname or IP address of a remote computer to retrieve data from. |
secabstraction
/ Get-DosDevice.ps1
Created
September 26, 2015 17:56
A powershell wrapper around QueryDosDevice
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-DosDevice { | |
| [CmdletBinding()] | |
| Param ( | |
| [Parameter()] | |
| [ValidateNotNullOrEmpty()] | |
| [String]$Name | |
| ) | |
| #region WinAPI |
NewerOlder