Check_ioc is a script to check for various, selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios; however, it may also be run from a command line (for incident response). For more information on the script and the logic behin…
☆79 · Dec 24, 2017 · Updated 8 years ago
Alternatives and similar repositories for check_ioc
Users that are interested in check_ioc are comparing it to the libraries listed below
- Indicator of Compromise Mapping Service ☆12 · Apr 15, 2014 · Updated 11 years ago
- Gathers a defined subset of various logs and highlights important lines. ☆19 · Sep 10, 2021 · Updated 4 years ago
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems ☆36 · Dec 9, 2019 · Updated 6 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da… ☆494 · Jul 29, 2017 · Updated 8 years ago
- Powershell module to assist in attacking Exchange/Outlook Web Access ☆182 · Sep 22, 2016 · Updated 9 years ago
- Powershell tool to download malware samples. ☆12 · Feb 10, 2016 · Updated 10 years ago
- Runs Responder, uploads hashes for cracking, alerts when cracked ☆37 · Mar 16, 2016 · Updated 10 years ago
- Set of small tools for managing AES encrypted credentials for powershell scripts ☆21 · Jan 20, 2015 · Updated 11 years ago
- Easily serve HTTP and DNS keys for proper payload protection ☆59 · Nov 10, 2018 · Updated 7 years ago
- Auto Domain Admin and Network Exploitation. ☆299 · Dec 21, 2017 · Updated 8 years ago
- A series of GPO templates ☆21 · Jan 2, 2017 · Updated 9 years ago
- SMB Named Pipe shell ☆69 · Nov 19, 2024 · Updated last year
- The following repository contains the SecurityTube Linux Assembly Expert assignments, and exam ☆18 · Nov 27, 2017 · Updated 8 years ago
- Server for receiving autorun data from the clients ☆13 · Sep 26, 2017 · Updated 8 years ago
- ☆11 · Aug 19, 2017 · Updated 8 years ago
- This Repository is for random Knicks and knacks - in relation to PowerShell scripts I have created for one task or another. ☆16 · Jan 13, 2025 · Updated last year
- ☆10 · Jan 4, 2015 · Updated 11 years ago
- Get all AD objects which are hidden from you ☆18 · Aug 21, 2017 · Updated 8 years ago
- PowerShell Information Server ☆48 · Oct 26, 2017 · Updated 8 years ago
- Scrypture makes it easy to put Python scripts online. Simply add a class to your Python script and Scrypture will automatically serve you… ☆11 · Oct 23, 2019 · Updated 6 years ago
- Use TpAllocWork, TpPostWork and TpReleaseWork to execute machine code ☆24 · Mar 13, 2023 · Updated 3 years ago
- Powershell Threat Hunting Module ☆290 · Sep 21, 2016 · Updated 9 years ago
- Monitor adapter, Fake DNS, Tunnel, and DHCP combined into one Windows Service ☆12 · Apr 19, 2015 · Updated 10 years ago
- IOC (Indicator of Compromise) Extractor: a program to help extract IOCs from text files. ☆135 · Jan 14, 2016 · Updated 10 years ago
- Static Feature Extraction & Selection (used in conjunction with the MASTIFF framework) ☆16 · Oct 19, 2016 · Updated 9 years ago
- ☆17 · Mar 22, 2018 · Updated 7 years ago
- A module for working with Windows Event Collector service and maintain Windows Event Forwarding subscriptions. ☆34 · Dec 14, 2025 · Updated 3 months ago
- A reference Device Guard code integrity policy consisting of FilePublisher deny rules for published Device Guard configuration bypasses ☆115 · May 27, 2017 · Updated 8 years ago
- A Powershell incident response framework ☆1,640 · Nov 22, 2022 · Updated 3 years ago
- List of PowerShell scripts conjured up for my consumption (you are welcome to use) ☆36 · Oct 17, 2013 · Updated 12 years ago
- Based on the Volatility framework, this script will run various plugins as well as create a timeline, or use YARA/ClamAV/VirusTotal to fi… ☆49 · May 31, 2017 · Updated 8 years ago
- InsecurePowerShell is PowerShell with some security features removed. ☆104 · Dec 19, 2017 · Updated 8 years ago
- Malware analysis tool ☆22 · Apr 27, 2025 · Updated 10 months ago
- This function runs a number of checks on a system to help provide situational awareness to a penetration tester during the reconnaissance… ☆463 · Oct 3, 2017 · Updated 8 years ago
- scripts to help beginners program in Bro ☆21 · Aug 10, 2013 · Updated 12 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al… ☆657 · Aug 19, 2019 · Updated 6 years ago
- A DB of known Web Application Admin URLS, Username/Password Combos and Exploits ☆156 · Apr 22, 2015 · Updated 10 years ago
- CommunityHoneyNetwork Server ☆40 · May 1, 2023 · Updated 2 years ago
- Exploit the credentials present in files and memory ☆843 · May 25, 2023 · Updated 2 years ago