Powershell

ScubaGear is a PowerShell-based assessment tool that evaluates Microsoft 365 tenant configurations against CISA security baselines using Open Policy Agent and generates compliance reports.

ESC is an interactive .NET SQL console client with enhanced SQL Server discovery and data exfiltration features designed for penetration testing and red team engagements.

A PowerShell security assessment script that evaluates Siemens SIMATIC PCS 7 industrial control systems for security misconfigurations and vulnerabilities.

SharpAppLocker is a C# tool that retrieves AppLocker application control policies from Windows systems, replicating the Get-AppLockerPolicy PowerShell cmdlet functionality.

A PowerShell-based DFIR automation tool that streamlines artifact and evidence collection from Windows machines for digital forensic investigations.

Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.

PowerSploit is a PowerShell-based penetration testing framework containing modules for code execution, injection techniques, persistence, and various offensive security operations.

A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.

Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.

Microsoft BitLocker is a Windows-integrated full volume encryption solution that protects data on devices through disk-level encryption with enterprise deployment and management capabilities.

PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.

A collection of YARA rules for research and hunting purposes.

A command-line tool that secures shell command history by clearing sensitive commands, displaying command summaries, and providing stash functionality for presentations across multiple shell environments.

A PowerShell module for threat hunting and security analysis through Windows Event Log processing and malicious activity detection.

PowerGRR is a PowerShell API client library that automates GRR (Google Rapid Response) operations for digital forensics and incident response across multiple operating systems.

Lists of sources and utilities to hunt, detect, and prevent evildoers.

A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.

A repository documenting AppLocker bypass techniques with verified methods, legacy DLL execution approaches, and a PowerShell module for identifying AppLocker weaknesses.

FLARE-VM is a Windows virtual machine setup tool that automates the installation and configuration of reverse engineering and malware analysis software using Chocolatey and Boxstarter technologies.

A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.

A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.

CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.

A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.

A comprehensive resource for securing Active Directory, including attack methods and effective defenses.