There are no reviews yet. Be the first to send feedback to the community and the maintainers!
PoSh-R2
PowerShell - Rapid Response... For the incident responder in you!PowerShell
A series of scriptsInvoke-HiveNightmare
PoC for CVE-2021-36934, which enables a standard user to be able to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newerAutomatedProfiler
Automated forensics written in PowerShellGroup_Policy
A series of GPO templatesBlueSpectrum
An IOC framework written in PowerShellAnydesk_Forensics
Invoke-SRUMDump
A pure PowerShell/ .NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.Invoke-Fail2Ban
PowerShell version of Fail2BanTeamViewer_Forensics
A series of functions to parse Teamviewer logs to answer specific questionsEIF_Parser
Evil Inject Finder Remote Capability and ParserMcAfee_ePO
Custom Queries, Dashboards, and HIPs RulesPoSh-R2_GUI
GUI version of PoSh-R2Hunters_Hub
Custom Splunk AppInvoke-AZExplorer
Microsoft Azure SurveyInvoke-GhostLog
Removal of certain event logs within a Windows OSInvoke-Unbup
Decrypts McAfee quarantine filesConnectWise_Forensics
SkittleGrinder
Linux Log CollectorEventLog_Parsers
Series of scripts to parse the event log for analysisInvoke-HAFNIUMCheck.ps1
Script used to identify compromise via CVEs 2021-26855, 26857, 26858, and 27065UnderTheWire
PowerShell gaming server siteBriefs-and-Guides
Invoke-ProcessSuspend
Suspending Processes using PSYarPoSh
Remoting Capability for Deploying YARA Across an EnterpriseWMI_Watcher
BareMonkey
Volatility plugin parserInvoke-PrinterNightmareResponse
PoSh_git
A git-like environment in PowerShellInvoke-HiveDreams
A capability to identify and remediate CVE-2021-36934 (HiveNightmare)McAfee_ESM
Custom DashboardsPoSh-Bitvise-Log-Parser
Parsing Bitvise logs with PowerShellCVE-Checker
Collection of script to check for CVEsInvoke-HashFinder
Searches for a supplied list of SHA1 or SHA256 hashes on a system. Requires either a file size or creation date that is associated with the binary that the hashes were retrieved from.Love Open Source and this site? Check out how you can help us