Your PowerShell-powered solution for effortless CLSID analysis! Designed for Threat Researchers and Malware Analysts, this tool simplifies the process of extracting and inspecting users' CLSID registry values. Easily identify potential threats and malicious activity by examining COM Objects for compromise or replacement by malware. CLSID Ninja offers a comprehensive view, allowing you to access CLSID lists for both online (Active Users) and offline users by loading UsrClass.DAT files into the HKLM hive. Streamline your analysis with CLSID Ninja today!
Working with EDRs? Not a problem!
CLSID Ninja is designed to seamlessly integrate into your workflow:
- Local Host: CLSID Ninja can be run locally on the host itself.
- Cortex XDR Live Terminal: Easily execute CLSID Ninja within the Cortex XDR Live Terminal, enhancing your threat analysis capabilities.
- Falcon CrowdStrike RTR: Extend your threat detection and response capabilities with CLSID Ninja in Falcon CrowdStrike RTR, ensuring effective CLSID analysis directly within the platform.
Tested on: Windows 10, Windows 11.
.\CLSID-Ninja.ps1 -Search Menu
.\CLSID-Ninja.ps1 -Search All
.\CLSID-Ninja.ps1 -Search CLSID "{PUT-YOUR-CLSID}"
Example: .\CLSID-Ninja.ps1 -Search CLSID "{0003000A-0000-0000-C000-000000000046}"
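
The collection approach described at the top of this README (per-user CLSID values for active users, plus offline UsrClass.DAT files loaded under HKLM), shown as an added example; this is not CLSID Ninja's own code. The `Get-ClsidServers` function and the `TempClasses_*` mount name are hypothetical, and an elevated PowerShell session is assumed.

```powershell
# Added example (not CLSID Ninja's code). Run from an elevated PowerShell session.
function Get-ClsidServers {
    param([Parameter(Mandatory)][string]$ClassesRoot, [string]$Owner)
    $clsidRoot = Join-Path $ClassesRoot 'CLSID'
    if (-not (Test-Path -LiteralPath $clsidRoot)) { return }
    foreach ($key in Get-ChildItem -LiteralPath $clsidRoot -ErrorAction SilentlyContinue) {
        foreach ($name in 'InprocServer32', 'LocalServer32') {
            $sub = $key.OpenSubKey($name)
            if ($null -eq $sub) { continue }
            [pscustomobject]@{
                Owner  = $Owner
                CLSID  = $key.PSChildName
                Type   = $name
                Server = $sub.GetValue('')   # default value = path of the COM server
            }
            $sub.Close()
        }
        $key.Close()
    }
}

# Online users: their UsrClass.dat is already mounted as HKEY_USERS\<SID>_Classes.
$results = @(Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+_Classes$' } |
    ForEach-Object { Get-ClsidServers -ClassesRoot $_.PSPath -Owner $_.PSChildName })

# Offline users: mount each unloaded UsrClass.dat under HKLM, read it, then unmount.
foreach ($userDir in Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -Force) {
    $hive = Join-Path $userDir.FullName 'AppData\Local\Microsoft\Windows\UsrClass.dat'
    if (-not (Test-Path -LiteralPath $hive)) { continue }
    $mount = "TempClasses_$($userDir.Name -replace '[^\w]', '_')"   # hypothetical mount name
    & reg.exe load "HKLM\$mount" $hive 2>$null | Out-Null
    # Load fails when the hive is in use (user logged on, listed above) or without elevation.
    if ($LASTEXITCODE -ne 0) { continue }
    try {
        $results += @(Get-ClsidServers -ClassesRoot "Registry::HKEY_LOCAL_MACHINE\$mount" -Owner $userDir.Name)
    } finally {
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()   # release key handles so unload succeeds
        & reg.exe unload "HKLM\$mount" | Out-Null
    }
}

$results | Sort-Object Owner, CLSID | Format-Table -AutoSize
```

Per-user entries whose `Server` path points into a user-writable location, or that shadow a CLSID also registered machine-wide, are the ones worth reviewing first.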