powershell -ep bypass
. .\powerup.ps
Invoke-AllChecks
03/2019
- Current privileges
- Unquoted service paths
- Service executable permissions
- Service permissions
- %PATH% for hijackable DLL locations
- AlwaysInstallElevated registry key
- Autologon credentials in registry
- Modifidable registry autoruns and configs
- Modifiable schtask files/configs
- Unattended install files
- Encrypted web.config strings
- Encrypted application pool and virtual directory passwords
- Plaintext passwords in McAfee SiteList.xml
- Cached Group Policy Preferences .xml files