Date: 2024-01-01
30 tools and resources
SharpAppLocker provides a C# adaptation of the Get-AppLockerPolicy cmdlet for managing application control policies.
ForensicMiner, Redefine DFIR Automations
Weaponize Word documents with PowerShell Empire using the Microsoft DDE exploit.
A collection of Microsoft PowerShell modules for penetration testing purposes.
A PowerShell obfuscation detection framework designed to highlight the limitations of signature-based detection and provide a scalable means of detecting known and unknown obfuscation techniques.
Discontinued project for file-less persistence, attacks, and anti-forensic capabilities on Windows 7 32-bit systems.
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
PowerForensics is a PowerShell digital forensics framework for hard drive forensic analysis.
A collection of YARA rules for research and hunting purposes.
A tool to secure your shell command history by clearing sensitive commands.
A PowerShell module for threat hunting via Windows Event Logs.
PowerGRR is a PowerShell module for the GRR API, allowing automation and scripting for incident response and remote live forensics.
Lists of sources and utilities to hunt, detect, and prevent evildoers.
A .NET wrapper for libyara that provides a simplified API for developing tools in C# and PowerShell.
Repository documenting common techniques to bypass AppLocker with verified, unverified, and generic bypasses.
A PowerShell-based incident response and live forensic data acquisition tool for Windows hosts.
A collection of PowerShell modules for artifact gathering and reconnaissance of Windows-based endpoints.
CimSweep is a suite of CIM/WMI-based tools for incident response and hunting operations on Windows systems without the need to deploy an agent.
A comprehensive PowerShell cheat sheet covering various tasks and techniques for file management, process management, network operations, and system administration.
A comprehensive resource for securing Active Directory, including attack methods and effective defenses.
Ebowla is a tool for generating payloads in Python, GO, and PowerShell with support for Reflective DLLs.
Powerful PowerShell script for identifying missing software patches for local privilege escalation vulnerabilities.
PowerShell threat hunting module for scanning remote endpoints and collecting comprehensive information.
Cheat sheet with common enumeration and attack methods for Windows Active Directory.
A PowerShell module for interacting with VirusTotal to analyze suspicious files and URLs.
A blog post about bypassing AppLocker using PowerShell diagnostic scripts.
A PowerShell script for interacting with the MITRE ATT&CK Framework through its own API, which relies on the deprecated MediaWiki API.
A modular incident response framework in PowerShell that uses PowerShell Remoting to collect data for incident response and breach hunts.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
Monitor WMI consumers and processes for potential malicious activity.