Home
Invoke-IR edited this page Oct 18, 2014 · 2 revisions
Uproot is a Host-Based Intrusion Detection System (HIDS) built on a PowerShell backend that leverages Windows Management Instrumentation (WMI) Permanent Event Subscriptions. Rather than relying on signature-based detection, Uproot focuses on notifying its users of weird or malicious-looking behavior. It does not attempt to provide clear-cut signatures for malicious activity; instead, it draws on a broad knowledge of hacking techniques and malware infection vectors to identify events that are worth investigating.
- PowerShell & WMI
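
The three objects that make up a WMI permanent event subscription of the kind described above, shown as an added example that is not Uproot's own code: a filter that watches for newly created services, a consumer that writes each match to a log file, and the binding that joins them. The object names, the 10-second polling interval and the log path are assumptions chosen for illustration.

```powershell
# Added example, not taken from Uproot. Run from an elevated PowerShell prompt.
# Assumed values: the 'Example_*' names, the polling interval, and C:\Logs (must already exist).
$ns = 'root\subscription'

# 1. Event filter: a WQL query that fires when a Win32_Service instance appears.
#    WITHIN 10 makes WMI poll every 10 seconds, so very short-lived services can be missed.
$filter = Set-WmiInstance -Namespace $ns -Class __EventFilter -Arguments @{
    Name           = 'Example_NewService'
    EventNamespace = 'root\cimv2'
    QueryLanguage  = 'WQL'
    Query          = "SELECT * FROM __InstanceCreationEvent WITHIN 10 " +
                     "WHERE TargetInstance ISA 'Win32_Service'"
}

# 2. Event consumer: what happens on a match. LogFileEventConsumer only appends text;
#    %...% tokens are filled in from the properties of the event that fired.
$consumer = Set-WmiInstance -Namespace $ns -Class LogFileEventConsumer -Arguments @{
    Name     = 'Example_NewServiceLog'
    Filename = 'C:\Logs\new-service.log'
    Text     = 'New service: %TargetInstance.Name% ' +
               'path=%TargetInstance.PathName% account=%TargetInstance.StartName%'
}

# 3. Binding: ties the filter to the consumer. Once this exists the subscription is
#    stored in the WMI repository and survives reboots without any script running.
Set-WmiInstance -Namespace $ns -Class __FilterToConsumerBinding -Arguments @{
    Filter   = $filter
    Consumer = $consumer
} | Out-Null

# Review everything registered on this host. Any entry you did not create deserves
# a closer look, since the same mechanism can be used for persistence.
foreach ($class in '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding') {
    Get-WmiObject -Namespace $ns -Class $class | Select-Object __CLASS, __RELPATH
}

# Cleanup: remove the binding first, then the consumer and the filter.
Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding |
    Where-Object { $_.Filter -like '*Example_NewService*' } | Remove-WmiObject
Get-WmiObject -Namespace $ns -Class LogFileEventConsumer -Filter "Name='Example_NewServiceLog'" |
    Remove-WmiObject
Get-WmiObject -Namespace $ns -Class __EventFilter -Filter "Name='Example_NewService'" |
    Remove-WmiObject
```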