PowerShell No Agent Hunting
☆111Apr 23, 2018Updated 7 years ago
Alternatives and similar repositories for NOAH
Users that are interested in NOAH are comparing it to the libraries listed below
Sorting:
- Powershell Threat Hunting Module☆290Sep 21, 2016Updated 9 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago
- Lazy Office Analyzer☆121Feb 15, 2017Updated 9 years ago
- Maps process creation logged by Sysmon uses Google Org Chart API☆23Mar 5, 2016Updated 9 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago
- PowerForensics provides an all in one platform for live disk forensic analysis☆1,427Nov 16, 2023Updated 2 years ago
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- PowerShell module for creating and managing Sysinternals Sysmon config files.☆214Mar 29, 2021Updated 4 years ago
- A Powershell incident response framework☆1,640Nov 22, 2022Updated 3 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…☆658Aug 19, 2019Updated 6 years ago
- Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.☆937Dec 12, 2023Updated 2 years ago
- ☆349Mar 19, 2021Updated 4 years ago
- Expert Investigation Guides☆51Mar 18, 2021Updated 4 years ago
- Decompile .Net code in Powershell☆13Sep 21, 2015Updated 10 years ago
- This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported …☆842Jun 25, 2024Updated last year
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Incident Response Forensic Framework☆611Nov 20, 2019Updated 6 years ago
- Server's remote inventory, WMI, MSSQL Database☆15Aug 8, 2016Updated 9 years ago
- Random Code Store☆17Mar 27, 2023Updated 2 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…☆493Jul 29, 2017Updated 8 years ago
- Signature engine for all your logs☆172Nov 13, 2023Updated 2 years ago
- Invoke-LiveResponse☆150Feb 22, 2022Updated 4 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆209Sep 15, 2021Updated 4 years ago
- An informational repo about hunting for adversaries in your IT environment.☆1,850Nov 17, 2021Updated 4 years ago
- An information security preparedness tool to do adversarial simulation.☆1,139Apr 1, 2019Updated 6 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.☆481Nov 15, 2024Updated last year
- Collect, Process, and Hunt with host based data from MacOS, Windows, and Linux☆505Oct 21, 2022Updated 3 years ago
- This repo is for WMIOps, a powershell script which uses WMI for various purposes across a network.☆388Jun 25, 2024Updated last year
- CyLR - Live Response Collection Tool☆711Jun 1, 2022Updated 3 years ago
- Checks observables/ioc in TheHive/Cortex against the MISP warningslists☆14Dec 27, 2017Updated 8 years ago
- ☆46Apr 6, 2017Updated 8 years ago
- Currently not updated for WMIEvent module...☆262Feb 23, 2016Updated 10 years ago
- ☆432May 3, 2023Updated 2 years ago
- Collection of forensics artifacts location for Mac OS X and iOS☆342Nov 11, 2021Updated 4 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Jul 17, 2020Updated 5 years ago
- CyCAT.org taxonomies☆15May 22, 2021Updated 4 years ago
- Custom scripts released for BSidesDC 2016☆14Oct 19, 2016Updated 9 years ago
- PowerShell script utilized to pull several forensic artifacts from a live Win7 and WinXP system without WINRM.☆51Jan 25, 2018Updated 8 years ago
- Active Directory enumeration from non-domain system.☆118Dec 15, 2016Updated 9 years ago