This is a Powershell script meant to help hunt down the known sha1 hashes for the 12/2020 Solarwinds hack
This project was written and tested on Microsoft server 2012 and 2016.
The main purpose of this script is to assist network defense teams with finding the hashes when only native windows tools are availible.
The script functions by first creating a SHA1 of the entire drive or directory provided.
The hashes are then saved to a .csv file on the system for documentation.
The script then checks against the known hashes provided in the FireEye Github release. found here: https://github.com/fireeye/sunburst_countermeasures
Command Post Technologies thanks FireEye for providing all the information required to help in the creation of this project.