Link File Analysis

Link File Analysis
Download Copy
Title: Link File Analysis
Author: Paul Murton

In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD etc, its possible that the user may subsequently open an exfiltrated file on the media. In this scenario, a local lnk file will be created, providing evidence of the files existance. This payload uses a powershell script to search the user profle for lnk files where the target is on a drive other than the C: Drive. The output is put into a CSV file in the folder \loot\link-files

Incident Response, or simply IR, is all about managing the aftermath of a security breach. It's all about identifying, minimizing and containing damage as quickly as possible, as well as remediation such that the risk of additional incidents are minimized. A good incident response plan outlines the responsibilities of all parties, in addition to the procedures the organization takes to manage the incident. Having containment payloads developed, tested and at the ready before an incident will save valuable time when needed. See all incident response payloads.

This payload is for the Bash Bunny. Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.

Submit your own payload, or browse more featured Bash Bunny Payloads.

 

 

Related Payloads

Starting a PowerShell with administrator permissions in Windows 10/11
Starting a PowerShell with administrator permissions in Windows 10/11
This script can be considered by people who are new to the world of scripts written in DuckyScript so that they can unde
Read More
Change the password of the windows user
Change the password of the windows user
Through this script you will be able to change windows user's password super fast. A PowerShell with administrator perm
Read More
Everything Password Stealer
Everything Password Stealer
Steals every password in every windows 10 or 11 passwords with LaZagne. Bypasses UAC, Firewall, and Defender with persis
Read More