Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
To run, drop dfirtriage.exe on the target or connected USB drive and execute with admin rights, -h for help. This document outlines the functionality and proper use of the DFIRtriage tool. Also ...