PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
☆58Mar 18, 2022Updated 3 years ago
Alternatives and similar repositories for PowerGRR
Users that are interested in PowerGRR are comparing it to the libraries listed below
Sorting:
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆40Mar 18, 2022Updated 3 years ago
- Volatility plugin to extract X screenshots from a memory dump☆37May 15, 2018Updated 7 years ago
- Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)☆15Feb 1, 2021Updated 5 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- An Incident Response tool to extract console command history and screen output buffer☆42Jan 11, 2018Updated 8 years ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆26May 18, 2021Updated 4 years ago
- A repository to share contributions related to TheHive Project☆22Sep 15, 2021Updated 4 years ago
- SQL scripts for querying event logs☆21Jul 12, 2017Updated 8 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Nov 17, 2020Updated 5 years ago
- "Evolving AppCompat/AmCache data analysis beyond grep"☆209Sep 15, 2021Updated 4 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆218Jul 17, 2020Updated 5 years ago
- Tools for the Computer Incident Response Team☆150Apr 17, 2017Updated 8 years ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Collection of malware persistence and hunting information. Be a persistent persistence hunter!☆185Oct 3, 2025Updated 4 months ago
- The Seeker of IOC☆131Oct 2, 2020Updated 5 years ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compro…☆10Mar 2, 2018Updated 7 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆177Jun 10, 2021Updated 4 years ago
- Import AbuseCH IOC Feeds into MISP☆12Feb 17, 2021Updated 5 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.☆481Nov 15, 2024Updated last year
- Digital Forensics artifact repository☆1,207Feb 11, 2026Updated 2 weeks ago
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Jan 30, 2018Updated 8 years ago
- VolatilityBot – An automated memory analyzer for malware samples and memory dumps☆270Jun 15, 2021Updated 4 years ago
- A PowerShell script to interact with the MITRE ATT&CK Framework via its own API☆370Feb 7, 2019Updated 7 years ago
- Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"☆26Jul 22, 2019Updated 6 years ago
- Implementation of the DIMVA 2017 publication "Quincy: Detecting Host-Based Code Injection Attacks in Memory Dumps"☆69Mar 7, 2022Updated 3 years ago
- PowerShell No Agent Hunting☆111Apr 23, 2018Updated 7 years ago
- Distributed password cracker for operating over high latency networks of loosely coupled hosts.☆13Jul 30, 2013Updated 12 years ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 10 months ago
- Linux and Windows Hardening Points☆12Mar 6, 2018Updated 7 years ago
- ☆11Oct 3, 2021Updated 4 years ago
- Ponmocup Indicators of Compromise☆11Feb 4, 2016Updated 10 years ago
- Network Defender Toolkit☆18Jun 11, 2013Updated 12 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials☆13Jun 2, 2016Updated 9 years ago
- A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.☆12Feb 26, 2024Updated 2 years ago
- Some IR notes☆73Jul 23, 2016Updated 9 years ago
- PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted da…☆493Jul 29, 2017Updated 8 years ago
- CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across al…☆658Aug 19, 2019Updated 6 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago