• Stars: 4
• Rank: 3,304,323 (Top 66 %)
• Language: PowerShell
• Created: over 3 years ago
• Updated: over 3 years ago


Repository Details

Series of scripts to parse the event log for analysis

More Repositories (from the same author; repository, language, star count, description)

1. PoSh-R2 (PowerShell, 290 stars): PowerShell - Rapid Response... For the incident responder in you!
2. PowerShell (PowerShell, 93 stars): A series of scripts
3. Invoke-HiveNightmare (PowerShell, 35 stars): PoC for CVE-2021-36934, which enables a standard user to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer
4. AutomatedProfiler (Perl, 32 stars): Automated forensics written in PowerShell
5. Group_Policy (18 stars): A series of GPO templates
6. BlueSpectrum (PowerShell, 16 stars): An IOC framework written in PowerShell
7. Anydesk_Forensics (PowerShell, 12 stars)
8. Invoke-SRUMDump (PowerShell, 12 stars): A pure PowerShell/.NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
9. Invoke-Fail2Ban (PowerShell, 11 stars): PowerShell version of Fail2Ban
10. TeamViewer_Forensics (PowerShell, 9 stars): A series of functions to parse TeamViewer logs to answer specific questions
11. EIF_Parser (PowerShell, 9 stars): Evil Inject Finder Remote Capability and Parser
12. McAfee_ePO (9 stars): Custom Queries, Dashboards, and HIPS Rules
13. PoSh-R2_GUI (PowerShell, 9 stars): GUI version of PoSh-R2
14. Hunters_Hub (CSS, 7 stars): Custom Splunk App
15. Invoke-AZExplorer (PowerShell, 7 stars): Microsoft Azure Survey
16. Invoke-GhostLog (PowerShell, 7 stars): Removal of certain event logs within a Windows OS
17. Invoke-Unbup (PowerShell, 5 stars): Decrypts McAfee quarantine files
18. IIS_Log_Parser (PowerShell, 5 stars): IIS Logs
19. ConnectWise_Forensics (PowerShell, 5 stars)
20. SkittleGrinder (Shell, 5 stars): Linux Log Collector
21. Invoke-HAFNIUMCheck.ps1 (PowerShell, 4 stars): Script used to identify compromise via CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
22. UnderTheWire (HTML, 3 stars): PowerShell gaming server site
23. Briefs-and-Guides (2 stars)
24. Invoke-ProcessSuspend (PowerShell, 2 stars): Suspending processes using PowerShell
25. YarPoSh (PowerShell, 2 stars): Remoting capability for deploying YARA across an enterprise
26. WMI_Watcher (PowerShell, 2 stars)
27. BareMonkey (Shell, 2 stars): Volatility plugin parser
28. Invoke-PrinterNightmareResponse (PowerShell, 1 star)
29. PoSh_git (PowerShell, 1 star): A git-like environment in PowerShell
30. Invoke-HiveDreams (PowerShell, 1 star): A capability to identify and remediate CVE-2021-36934 (HiveNightmare)
31. McAfee_ESM (1 star): Custom Dashboards
32. PoSh-Bitvise-Log-Parser (PowerShell, 1 star): Parsing Bitvise logs with PowerShell
33. CVE-Checker (Shell, 1 star): Collection of scripts to check for CVEs
34. Invoke-HashFinder (PowerShell, 1 star): Searches for a supplied list of SHA1 or SHA256 hashes on a system. Requires either a file size or a creation date associated with the binary from which the hashes were retrieved.