PowerShell collection designed to assist in Threat Hunting Windows systems.
Updated Jan 14, 2018 - PowerShell
PowerShell module for creating and managing Sysinternals Sysmon config files.
Incident response scripts
A PowerShell script for remotely disabling active Windows 10/2016 device network interfaces.
A PowerShell client for retrieving and searching Sysmon logs
ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.
Trial and error creation of PowerShell scripts to help with IR
This script allows for incident responders to scope specific indicators of compromise
Powering Up Incident Response with Power-Response
Small Incident Response PowerShell script that collects various data from the system. Good alternative to run on a system while waiting for an approved AV scan (or instead of a scan)
A datasource assessment on an event level to show potential coverage of the MITRE ATT&CK framework
PowerShell script to conduct a recursive hash verification of E01/S01 images in a folder using Windows FTK Imager Command Line Interface tool
Manage loki scans over a large network.
A simple PowerShell Module for finding IOCs across your Windows Network