Audit PowerShell and search for known keywords in history #Blueteam
Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Bluechecker.ps1
README.md

README.md

Bluechecker

Securethelogs.com

BlueChecker will help you audit PowerShell and check for any suspicious activity.

Download the script and run it locally, or run it remotely using:

powershell -nop -c "iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/securethelogs/Bluechecker/master/Bluechecker.ps1')"

Once run, BlueChecker will check for:

  • PowerShell status
  • Evidence of downgrading
  • Registry and Group Policy settings for PowerShell auditing
  • Malicious scripts using keywords
  • Event logs for module logging and script block logging
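A read-only sketch of three of the checks listed above (auditing policy in the registry, downgrade evidence, and presence of logging events), added here as an example; it is not taken from Bluechecker.ps1. The function names are hypothetical, and it assumes the standard Group Policy registry location and the event IDs 400, 4103 and 4104 that Windows PowerShell writes.

```powershell
# Added example, not the project's code. Read-only: nothing is changed on the host.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$Policies = [ordered]@{
    ScriptBlockLogging = 'EnableScriptBlockLogging'
    ModuleLogging      = 'EnableModuleLogging'
    Transcription      = 'EnableTranscripting'
}

function Get-PSAuditPolicy {
    # A missing key and a value of 0 both mean the setting is not enforced by policy.
    foreach ($key in $Policies.Keys) {
        $name  = $Policies[$key]
        $item  = Get-ItemProperty -Path (Join-Path $PolicyRoot $key) -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Policy = $key; Enabled = ($item.$name -eq 1) }
    }
}

function Get-PSDowngradeEvidence {
    param([int]$MaxEvents = 2000)
    # Event 400 in the classic log records the engine version of every session start.
    # A 2.x engine on a modern host means a session ran without script block logging.
    Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'EngineVersion=2\.' } |
        ForEach-Object {
            $hostApp = if ($_.Message -match 'HostApplication=(.+)') { $Matches[1].Trim() }
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; HostApplication = $hostApp }
        }
}

function Get-PSLoggingEventCount {
    param([int]$MaxEvents = 5000)
    # 4103 = module logging, 4104 = script block logging (Operational log).
    # Zero events with the policy enabled is worth investigating (cleared log, policy not applied).
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103, 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
    foreach ($id in 4103, 4104) {
        [pscustomobject]@{ EventId = $id; Count = @($events | Where-Object Id -eq $id).Count }
    }
}

Get-PSAuditPolicy        | Format-Table -AutoSize
Get-PSLoggingEventCount  | Format-Table -AutoSize
Get-PSDowngradeEvidence  | Format-Table -AutoSize -Wrap
```

Reading the event logs may require an elevated session, depending on the log's access control settings.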

For more information, visit: https://securethelogs.com/hacking-with-powershell-blue-team/
