reverse-engineer-intune
Official
Uncover how Intune really works on Windows.
Author: powerstacks-corp
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Analyse what Intune actually does on a Windows device by collecting evidence and explaining the real mechanism behind management actions.
Core Features & Use Cases
- Forensics data collection: gathers IME logs, registry hives, MDM certificates, scheduled tasks, services, and management event logs to build a cohesive evidence map.
- Investigation + reporting: synthesizes findings into a Rudy-Ooms-style investigative blog post that clarifies the gap between reported state and actual device behavior.
- Tiered analysis depth: supports Tier 1 read-only collection and can escalate to Tier 2 (Procmon), Tier 3 (IME decompilation), and Tier 4 (native decompilation) as needed.
- Safety-first output: produces a portable markdown deliverable that documents evidence, mechanism, and open questions for lab replication.
Quick Start
Trigger a scenario by saying "go rudy this <scenario>" and Claude Code will produce the investigative blog post.
Dependency Matrix
Required Modules
- ilspycmd
- dotnet
- winget
- Microsoft.OpenJDK.21
- Ghidra
Components
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: reverse-engineer-intune
Download link: https://github.com/powerstacks-corp/reverse-engineer-intune/archive/main.zip#reverse-engineer-intune
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.