gfoss / PSRecon
PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
☆489 Updated 8 years ago
Alternatives and similar repositories for PSRecon
Users that are interested in PSRecon are comparing it to the libraries listed below
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… ☆660 Updated 6 years ago
- Powershell-based Windows Security Auditing Toolbox ☆575 Updated 6 years ago
- PowerShell - Rapid Response... For the incident responder in you! ☆303 Updated 6 years ago
- Currently not updated for WMIEvent module... ☆263 Updated 9 years ago
- PowerShell Module with Security cmdlets for security work ☆448 Updated 5 years ago
- ☆520 Updated 4 years ago
- A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!) ☆738 Updated 6 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API ☆370 Updated 6 years ago
- Powershell Threat Hunting Module ☆287 Updated 9 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis ☆1,420 Updated 2 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints. ☆476 Updated last year
- Automated, Collection, and Enrichment Platform ☆324 Updated 6 years ago
- Active Directory Control Paths auditing and graphing tools ☆674 Updated 4 years ago
- A PowerShell Module Dedicated to Reverse Engineering ☆889 Updated 4 years ago
- A tool for deploying and detecting use of Active Directory honeytokens ☆508 Updated 3 years ago
- DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. ☆469 Updated 5 years ago
- PowerShell Obfuscation Detection Framework ☆747 Updated 2 years ago
- A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response. ☆486 Updated 4 years ago
- Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber ☆405 Updated 3 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network. ☆386 Updated last year
- Configuration guidance for implementing Pass-the-Hash mitigations. #nsacyber ☆200 Updated 9 years ago
- Exploit the credentials present in files and memory ☆844 Updated 2 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files. ☆214 Updated 4 years ago
- The Phishing Intelligence Engine - An Active Defense PowerShell Framework for Phishing Defense with Office 365 ☆181 Updated 5 years ago
- A PowerShell TCP/IP swiss army knife. ☆570 Updated 8 years ago
- ☆427 Updated 2 years ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into … ☆815 Updated 2 years ago
- ☆280 Updated 2 years ago
- Query and report user logons relations from MS Windows Security Events ☆243 Updated 7 years ago
- CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities ☆189 Updated last year