WinUPRecon
Batch file for underprivileged basic recon in Windows
Script has been tested with and is not caught by:
- Symantec Endpoint Protection
- Windows Defender ATP
- Avast AV
Just download the file, or type git clone https://github[.]com/notwlsn/winuprecon.git into a git cmd line
- Change output directory to somewhere writeable
- Run
- Check output
I'm probably not the first person to think of this or use a script like this. I'm just putting it up here for general community use. I'm sure I don't 'own' this code, I certainly don't claim to.
I've seen this concept used a lot by Chinese APT groups, specifically APT17 and APT19.