Skip to content

Solen-Yaa/AMSITrigger

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

AMSITrigger

Hunting for Malicious Strings

Usage:

-i, --inputfile=VALUE   Powershell filename
-u, --url=VALUE         URL eg. https://10.1.1.1/Invoke-NinjaCopy.ps1
-f, --format=VALUE      Output Format:
                            1 - Only show Triggers
                            2 - Show Triggers with Line numbers
                            3 - Show Triggers inline with code
                            4 - Show AMSI calls (xmas tree mode)
-d, --debug             Show Debug Info
-h, -?, --help          Show Help

For details see https://www.rythmstick.net/posts/amsitrigger

About

The Hunt for Malicious Strings

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C# 100.0%