PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.
☆58Mar 18, 2022Updated 4 years ago
Alternatives and similar repositories for PowerGRR
Users that are interested in PowerGRR are comparing it to the libraries listed below
Sorting:
- PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.☆40Mar 18, 2022Updated 4 years ago
- Threat hunting repo for my independent study on threat hunting with OSQuery☆27Jan 16, 2018Updated 8 years ago
- A multi-platform .Net wrapper library for the native Yara library.☆39Jun 30, 2023Updated 2 years ago
- Check Sigma rules for easy-to-bypass whitelists to make them more robust (https://github.com/SigmaHQ/sigma)☆15Feb 1, 2021Updated 5 years ago
- Windows privileges add to the complexity of Windows user permissions. Each additional user added to a group could lead to a domain compro…☆10Mar 2, 2018Updated 8 years ago
- Collection of malware persistence and hunting information. Be a persistent persistence hunter!☆185Oct 3, 2025Updated 5 months ago
- This package allows the use of a custom Elastalert Alert which creates alerts with observables in TheHive using TheHive4Py.☆26May 18, 2021Updated 4 years ago
- PowerKrabsEtw is a PowerShell interface for doing real-time ETW tracing.☆103Nov 17, 2020Updated 5 years ago
- Some IR notes☆73Jul 23, 2016Updated 9 years ago
- Network detector for Winnti malware☆21Mar 6, 2018Updated 8 years ago
- SQL scripts for querying event logs☆21Jul 12, 2017Updated 8 years ago
- A YARA Rule Performance Measurement Tool☆61Feb 26, 2024Updated 2 years ago
- Auxiliary scripts for Incident Response with ELK☆11Oct 7, 2015Updated 10 years ago
- Parses KAPE module files and downloads binaries referenced by BinaryURL☆18Oct 2, 2019Updated 6 years ago
- Binaries for the log2timeline projects and dependencies☆40Feb 8, 2026Updated last month
- An Incident Response tool to extract console command history and screen output buffer☆42Jan 11, 2018Updated 8 years ago
- my MSTICpy practice and custom tools repository☆11Apr 23, 2025Updated 10 months ago
- A repository to share contributions related to TheHive Project☆22Sep 15, 2021Updated 4 years ago
- PowerShell No Agent Hunting☆111Apr 23, 2018Updated 7 years ago
- A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.☆480Nov 15, 2024Updated last year
- Digital Forensics artifact repository☆1,213Feb 11, 2026Updated last month
- "Evolving AppCompat/AmCache data analysis beyond grep"☆209Sep 15, 2021Updated 4 years ago
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections☆47Jan 28, 2026Updated last month
- Volatility plugin to extract X screenshots from a memory dump☆37May 15, 2018Updated 7 years ago
- Oriana is a threat hunting tool that leverages a subset of Windows events to build relationships, calculate totals and run analytics. The…☆176Jun 10, 2021Updated 4 years ago
- ForGe Forensic test image generator☆34Mar 19, 2015Updated 11 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files.☆118Jan 22, 2026Updated 2 months ago
- Query and report user logons relations from MS Windows Security Events☆243Aug 9, 2018Updated 7 years ago
- Code for the DIMVA 2018 paper: "MemScrimper: Time- and Space-Efficient Storage of Malware Sandbox Memory Dumps"☆26Jul 22, 2019Updated 6 years ago
- LNK to JSON☆14Mar 7, 2019Updated 7 years ago
- Collaborative, web-based case management for incident response☆24Jan 23, 2024Updated 2 years ago
- Forensic Artifact Collection Tool Matrix☆95Nov 9, 2024Updated last year
- An Incident Response tool that visualizes historic process execution evidence (based on Event ID 4688 - Process Creation Event) in a tree…☆60Jan 30, 2018Updated 8 years ago
- A GC link parser for both linkfiles and jumplists.☆18Oct 28, 2016Updated 9 years ago
- Allows you to quickly query a Windows machine for RAM artifacts☆219Jul 17, 2020Updated 5 years ago
- The Cold Disk Quick Response (CDQR) tool is a fast and easy to use forensic artifact parsing tool that works on disk images, mounted driv…☆343Jun 25, 2022Updated 3 years ago
- Automated, Collection, and Enrichment Platform☆324Nov 14, 2019Updated 6 years ago
- Import AbuseCH IOC Feeds into MISP☆12Feb 17, 2021Updated 5 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆22Jan 12, 2017Updated 9 years ago