PowerShell No Agent Hunting
☆111Apr 23, 2018Updated 7 years ago
Alternatives and similar repositories for NOAH
Users that are interested in NOAH are comparing it to the libraries listed below
Sorting:
- Powershell Threat Hunting Module☆290Sep 21, 2016Updated 9 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API☆23Mar 5, 2016Updated 10 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,427Nov 16, 2023Updated 2 years ago
- Lazy Office Analyzer☆121Feb 15, 2017Updated 9 years ago
- A Powershell incident response framework☆1,640Nov 22, 2022Updated 3 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…☆657Aug 19, 2019Updated 6 years ago
- ☆46Apr 6, 2017Updated 8 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …☆843Jun 25, 2024Updated last year
- Random Code Store☆17Mar 27, 2023Updated 2 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files.☆214Mar 29, 2021Updated 4 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆938Dec 12, 2023Updated 2 years ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- ☆349Mar 19, 2021Updated 5 years ago
- Evil Inject Finder Remote Capability and Parser☆11Nov 22, 2018Updated 7 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…☆494Jul 29, 2017Updated 8 years ago
- CyLR - Live Response Collection Tool☆714Jun 1, 2022Updated 3 years ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Dec 27, 2017Updated 8 years ago
- Incident Response Forensic Framework☆612Nov 20, 2019Updated 6 years ago
- Invoke-LiveResponse☆150Feb 22, 2022Updated 4 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.☆480Nov 15, 2024Updated last year
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- An information security preparedness tool to do adversarial simulation.☆1,137Apr 1, 2019Updated 6 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆209Sep 15, 2021Updated 4 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 5 years ago
- An informational repo about hunting for adversaries in your IT environment.☆1,859Nov 17, 2021Updated 4 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆387Jun 25, 2024Updated last year
- Currently not updated for WMIEvent module...☆262Feb 23, 2016Updated 10 years ago
- PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.☆52Jan 25, 2018Updated 8 years ago
- BackdoorMan is a toolkit that helps you find malicious, hidden and suspicious PHP scripts and shells in a chosen destination.☆77Dec 13, 2022Updated 3 years ago
- Active Directory enumeration from non-domain system.☆118Dec 15, 2016Updated 9 years ago
- ☆432May 3, 2023Updated 2 years ago
- Custom scripts released for BSidesDC 2016☆14Oct 19, 2016Updated 9 years ago
- Signature engine for all your logs☆172Nov 13, 2023Updated 2 years ago
- Force-Directed Graph Generator for Volatility Ouputs☆26Mar 3, 2019Updated 7 years ago
- Decompile .Net code in Powershell☆13Sep 21, 2015Updated 10 years ago
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆505Oct 21, 2022Updated 3 years ago
- ☆17Nov 12, 2017Updated 8 years ago