PSGuerrilla
2.24.0
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Invoke-Lookout Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-GuerrillaMaturity Get-QuickWins Get-ComplianceCrosswalk Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Export-BloodHoundData Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.24.0: Full EIDSCA baseline (44 controls) as a new Eidsca category - matches Maester EIDSCA 1:1 (AF/AG/AM/AS/AT/AV auth-method, AP authorization, CP/CR consent, PR password-protection, ST guest-group). Control definitions (Graph object + exact property path + operator + expected) extracted from the authoritative Maester corpus, not fabricated; live in Data/AuditChecks/EidscaChecks.json. Data-driven evaluator (Resolve-EidscaControl) runs against the raw Graph objects PSGuerrilla already collects (authenticationMethodsPolicy/authorizationPolicy/adminConsentRequestPolicy/directory settings) - no new collection. Surfaced via Get-ComplianceCrosswalk -Framework EIDSCA and the new Invoke-Infiltration category. EIDSCA coverage 10 approximate tags -> 44 controls evaluated (interim tags removed to avoid duplicate crosswalk rows). Check count 473 -> 517 (Entra/M365 158 -> 202; AD 205, GWS 110 unchanged). HONEST: any control whose source policy/setting was not collected returns SKIP = Not Assessed, never PASS. Test verify-eidsca.ps1 (18/18). Maester roadmap M1 done; next M2 CA what-if + M6 EXO/email depth. v2.23.0: Fixes from the v2.22.0 live-validation pass. FIXED: attack-path visuals rendered EMPTY on real domains - the shared report code read Details.Chains (only ADPATH-002 has that) but ADPATH-001 carries rich objects under Details.Paths, and the @(null).Count==1 gotcha defeated the AffectedItems fallback; a shared gather now reads BOTH shapes, filters null, excludes by-design Expected service-account paths, and derives hop count when Length is absent (fixes the Attack Paths list + Cartography across Recon/Campaign/Technical). FIXED: compliance crosswalk silently dropped SKIP checks (coverage read artificially low) - SKIP now surfaces as Not Assessed, only ERROR dropped. FIXED: maturity rated all-SKIP categories as Level 5 Optimized - now Level 0 Not Assessed (absence of evidence is not compliance). CHANGED: BloodHound export resolves well-known privileged groups (Domain/Enterprise/Schema Admins + builtin operator aliases) to real SIDs so they overlay SharpHound instead of parallel NAME: nodes. CHANGED: full-domain ACL sweep now includes organizationalUnit objects (OU delegation was invisible). Report/honesty only - no check/scoring/count changes (473 checks, 46 functions). Tests: report-sections 29/29, maturity 22/22, bloodhound 14/14, fulldomain 18/18, scuba 12/12. See CHANGELOG.md for v2.23.0 and earlier.
FileList
- PSGuerrilla.nuspec
- Public\Test-Safehouse.ps1
- Public\Get-Patrol.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Audit\Get-FortificationData.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Vault\Test-CredentialConnectivity.ps1
- Private\Console\Write-WiretapReport.ps1
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\GoogleTradecraftChecks.json
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- LICENSE
- Public\Send-SignalPushover.ps1
- Public\Export-Dashboard.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Vault\Get-SafehouseSecret.ps1
- Private\Console\Write-FieldReport.ps1
- Data\AuditChecks\ADAttackPathChecks.json
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- CHANGELOG.md
- Public\Get-TrendReport.ps1
- Public\Send-Signal.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Vault\Save-SafehouseCredentialSet.ps1
- Private\Console\Write-FortificationReport.ps1
- Data\AuditChecks\TierZeroChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- PSGuerrilla.format.ps1xml
- Public\Export-BloodHoundData.ps1
- Public\Export-BudgetJustification.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Audit\Get-GuerrillaSimulatedFindings.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Vault\Get-SafehouseCredentialView.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Data\AuditChecks\M365AuditChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\AD\Core\Get-ADFullDomainAcl.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- AI-USAGE.md
- Public\Send-SignalDigest.ps1
- Public\Send-SignalEventLog.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\Console\Write-ProgressLine.ps1
- Data\AuditChecks\M365ExchangeChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- README.md
- Public\Invoke-ReconDemo.ps1
- Public\Show-Guerrilla.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Core\Get-OperationState.ps1
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Data\AuditChecks\IntuneChecks.json
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- CONTRIBUTING.md
- Public\Get-GuerrillaScore.ps1
- Public\Get-GuerrillaMaturity.ps1
- Private\Core\Add-ScanHistoryEntry.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Audit\Invoke-GoogleTradecraftChecks.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- PSGuerrilla.psd1
- Public\Invoke-Watchtower.ps1
- Public\Register-Patrol.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\Console\Write-CampaignReport.ps1
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- Public\Send-SignalTwilio.ps1
- Public\Get-Safehouse.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\Console\Write-OperationHeader.ps1
- Data\AuditChecks\EidscaChecks.json
- Private\AD\Core\Resolve-ADSid.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- PSGuerrilla.psm1
- Public\Send-SignalSendGrid.ps1
- Public\Export-ExecutiveSummary.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Google\Get-GoogleCloudIdentityPolicies.ps1
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Data\Profiles\K12-Baseline.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Public\Send-SignalMailgun.ps1
- Public\Invoke-Fortification.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Vault\Read-MissionConfig.ps1
- Data\Profiles\Default-Baseline.json
- Data\AuditChecks\AuthenticationChecks.json
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Config\guerrilla-config-schema.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Surveillance.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Console\Write-GuerrillaText.ps1
- Data\Localization\en-US.json
- Data\AuditChecks\ADTradecraftChecks.json
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Config\guerrilla-defaults.json
- Public\Set-Safehouse.ps1
- Public\Send-SignalTeams.ps1
- Private\Core\Test-2svDisablement.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AdminManagementChecks.json
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Public\Invoke-Campaign.ps1
- Public\Export-ReportPdf.ps1
- Data\SuspiciousCountries.json
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Google\Get-GoogleGroupSettings.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Console\Write-SpectreTable.ps1
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\Entra\Checks\Invoke-EntraEidscaChecks.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Public\Export-RemediationScripts.ps1
- Public\Invoke-Lookout.ps1
- Data\VpnTorProxies.json
- Private\Core\Save-TheaterState.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Gui\Show-AddCredentialDialog.ps1
- Private\Export\Get-GuerrillaReportSectionHtml.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Checks\Invoke-ADAttackPathChecks.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Public\Set-RiskAcceptance.ps1
- Public\Update-ThreatIntel.ps1
- Data\ComplianceCrosswalk.json
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Console\Write-SpectreProgress.ps1
- Data\AuditChecks\OAuthSecurityChecks.json
- Data\AuditChecks\ADCertificateServicesChecks.json
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Public\Get-QuickWins.ps1
- Public\Get-DeadDrop.ps1
- Data\ThreatActorProfiles.json
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Console\Write-InterceptAlert.ps1
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Get-ComplianceCrosswalk.ps1
- Data\RemediationCosts.json
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Console\Write-SpectrePanel.ps1
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\ADNetworkChecks.json
- Private\AD\Core\New-LdapConnection.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Public\Send-SignalSyslog.ps1
- Public\Export-RemediationPlaybook.ps1
- Data\CloudIpRanges.json
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Data\AuditChecks\M365TeamsChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Private\AD\Core\Get-ADAttackPath.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\Entra\Core\Resolve-EidscaControl.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Public\Invoke-Wiretap.ps1
- Public\Invoke-Reconnaissance.ps1
- Data\HighRiskOAuthApps.json
- Private\Core\Get-IpGeoData.ps1
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Private\AD\Core\Get-ADTransitiveAttackPath.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Public\Invoke-Recon.ps1
- Public\Unregister-Patrol.ps1
- Data\KnownAttackerIps.json
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Export\Get-GuerrillaReportTheme.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Public\Send-SignalWebhook.ps1
- Public\Send-SignalSlack.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Audit\Resolve-GooglePolicyValue.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\ADDomainForestChecks.json
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Invoke-Infiltration.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Audit\Compare-FortificationState.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Console\Write-SpectreTree.ps1
- Data\AuditChecks\EntraAppChecks.json
Version History
| Version | Downloads | Last updated |
|---|---|---|
| 2.37.0 | 5 | 6/27/2026 |
| 2.36.0 | 5 | 6/27/2026 |
| 2.35.0 | 6 | 6/26/2026 |
| 2.34.0 | 4 | 6/25/2026 |
| 2.33.0 | 3 | 6/25/2026 |
| 2.32.2 | 4 | 6/25/2026 |
| 2.32.1 | 4 | 6/25/2026 |
| 2.32.0 | 6 | 6/25/2026 |
| 2.31.0 | 7 | 6/24/2026 |
| 2.30.3 | 5 | 6/24/2026 |
| 2.30.2 | 5 | 6/24/2026 |
| 2.30.1 | 6 | 6/24/2026 |
| 2.30.0 | 6 | 6/24/2026 |
| 2.29.1 | 7 | 6/22/2026 |
| 2.29.0 | 4 | 6/22/2026 |
| 2.28.1 | 4 | 6/22/2026 |
| 2.28.0 | 4 | 6/22/2026 |
| 2.27.0 | 5 | 6/22/2026 |
| 2.26.0 | 7 | 6/22/2026 |
| 2.25.0 | 4 | 6/22/2026 |
| 2.24.0 (current version) | 8 | 6/22/2026 |
| 2.23.0 | 6 | 6/21/2026 |
| 2.22.0 | 8 | 6/21/2026 |
| 2.21.0 | 7 | 6/21/2026 |
| 2.20.1 | 5 | 6/21/2026 |
| 2.20.0 | 4 | 6/21/2026 |
| 2.19.0 | 6 | 6/21/2026 |
| 2.18.0 | 7 | 6/21/2026 |
| 2.17.0 | 5 | 6/21/2026 |
| 2.16.0 | 5 | 6/21/2026 |
| 2.15.0 | 9 | 6/21/2026 |
| 2.14.1 | 8 | 6/20/2026 |
| 2.14.0 | 8 | 6/20/2026 |
| 2.13.0 | 7 | 6/20/2026 |
| 2.12.1 | 6 | 6/20/2026 |
| 2.12.0 | 9 | 6/20/2026 |
| 2.11.1 | 6 | 6/20/2026 |
| 2.11.0 | 5 | 6/19/2026 |
| 2.10.8 | 11 | 6/19/2026 |
| 2.10.7 | 16 | 6/19/2026 |
| 2.10.6 | 5 | 6/19/2026 |
| 2.10.5 | 6 | 6/19/2026 |
| 2.10.4 | 14 | 6/18/2026 |
| 2.10.3 | 9 | 6/18/2026 |
| 2.10.2 | 8 | 6/18/2026 |
| 2.10.1 | 7 | 6/18/2026 |
| 2.10.0 | 6 | 6/18/2026 |
| 2.9.4 | 7 | 6/18/2026 |
| 2.9.3 | 7 | 6/18/2026 |
| 2.9.2 | 5 | 6/18/2026 |
| 2.9.1 | 5 | 6/18/2026 |
| 2.9.0 | 9 | 6/17/2026 |
| 2.8.1 | 7 | 6/17/2026 |
| 2.8.0 | 7 | 6/17/2026 |
| 2.7.0 | 11 | 6/17/2026 |
| 2.6.0 | 6 | 6/16/2026 |
| 2.5.2 | 7 | 6/16/2026 |
| 2.5.1 | 6 | 6/16/2026 |
| 2.5.0 | 6 | 6/16/2026 |
| 2.4.4 | 6 | 6/16/2026 |
| 2.4.3 | 6 | 6/16/2026 |
| 2.4.2 | 7 | 6/16/2026 |
| 2.4.1 | 8 | 6/15/2026 |
| 2.4.0 | 9 | 6/11/2026 |
| 2.3.1 | 12 | 5/28/2026 |
| 2.3.0 | 5 | 5/28/2026 |
| 2.2.1 | 12 | 5/15/2026 |
| 2.2.0 | 4 | 5/15/2026 |