Add startup and persistence analysis tools
Add Get-AutoRun.ps1, Get-ScheduledTasks.ps1, and Get-Services.ps1 for analyzing auto-start programs and persistence mechanisms.

Get-AutoRun: Run/RunOnce keys, Startup folders, startup tasks
Get-ScheduledTasks: Detailed task analysis with filters
Get-Services: Service enumeration using WMI/CIM

Uses Get-CimInstance for reliable service enumeration, avoiding Get-Service permission issues. Multiple filters and output modes. Update TODO.md.
8
TODO.md
@@ -40,10 +40,10 @@
|
||||
- [x] System uptime history (Get-Info.ps1, winfetch.ps1)
|
||||
|
||||
### Persistence Mechanisms
|
||||
- [ ] Run/RunOnce keys - Programs that auto-start
|
||||
- [ ] Scheduled tasks
|
||||
- [ ] Services
|
||||
- [ ] Startup folder contents
|
||||
- [x] Run/RunOnce keys - Programs that auto-start (Get-AutoRun.ps1)
|
||||
- [x] Scheduled tasks (Get-ScheduledTasks.ps1)
|
||||
- [x] Services (Get-Services.ps1)
|
||||
- [x] Startup folder contents (Get-AutoRun.ps1)
|
||||
|
||||
### Network Artifacts
|
||||
- [ ] DNS Cache
|
||||
|
||||
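Review bot: The four `[x]` entries under `### Persistence Mechanisms` mark each item done with only a script name, so the checklist does not show how much of each location is covered. `Run/RunOnce keys` does not say whether both HKLM and HKCU (and the 32-bit Wow6432Node view) are read, and `Startup folder contents` does not say whether the per-user and all-users folders are both enumerated. Suggest recording that scope in each entry, or keeping a separate unchecked item for any part the scripts do not yet read, so the section is not taken as complete coverage during triage.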