gfoss / PSRecon
PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
☆479 Updated 7 years ago
Related projects
Alternatives and complementary repositories for PSRecon
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… ☆645 Updated 5 years ago
- PowerShell-based Windows Security Auditing Toolbox ☆572 Updated 5 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis ☆1,385 Updated 11 months ago
- Currently not updated for WMIEvent module... ☆261 Updated 8 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API ☆367 Updated 5 years ago
- PowerShell Module with Security cmdlets for security work ☆435 Updated 4 years ago
- PowerShell Obfuscation Detection Framework ☆725 Updated 11 months ago
- GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. ☆628 Updated 7 years ago
- A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!) ☆737 Updated 5 years ago
- A PowerShell Module Dedicated to Reverse Engineering ☆858 Updated 3 years ago
- PowerShell - Rapid Response... For the incident responder in you! ☆293 Updated 5 years ago
- PowerShell Threat Hunting Module ☆278 Updated 8 years ago
- Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into … ☆774 Updated last year
- Automated, Collection, and Enrichment Platform ☆322 Updated 4 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints. ☆435 Updated this week
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported … ☆802 Updated 4 months ago
- A Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response. ☆465 Updated 3 years ago
- ☆505 Updated 3 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon. ☆899 Updated 10 months ago
- This repo is for WMIOps, a PowerShell script which uses WMI for various purposes across a network. ☆381 Updated 4 months ago
- A script for advanced discovery of Privileged Accounts - includes Shadow Admins ☆786 Updated 5 years ago
- A PowerShell incident response framework ☆1,558 Updated last year
- PowerShell C2 Server and Implants ☆573 Updated 4 years ago
- Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber ☆398 Updated last year
- Not PowerShell ☆444 Updated 8 years ago
- CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities ☆186 Updated 9 months ago
- PowerShell Scripts I find useful ☆735 Updated 8 years ago
- ☆416 Updated last year