PSGuerrilla
2.4.2
Minimum PowerShell version
7.0
Installation Options
Owners
Copyright
(c) 2026 Jim Tyler. All rights reserved.
Package Details
Author(s)
- Jim Tyler Microsoft MVP
Tags
GoogleWorkspace ActiveDirectory EntraID AzureAD Intune M365 Security CompromiseAssessment IncidentResponse ThreatDetection ADSecurity CloudSecurity NTLMRelay TierZero GUI WPF PSGuerrilla
Functions
Invoke-Recon Invoke-Surveillance Invoke-Watchtower Invoke-Wiretap Get-DeadDrop Send-Signal Send-SignalSendGrid Send-SignalMailgun Send-SignalTwilio Send-SignalTeams Send-SignalSlack Send-SignalWebhook Send-SignalPagerDuty Send-SignalPushover Send-SignalSyslog Send-SignalEventLog Send-SignalDigest Set-Safehouse Test-Safehouse Get-Safehouse Register-Patrol Unregister-Patrol Get-Patrol Update-ThreatIntel Invoke-ReconDemo Invoke-Fortification Invoke-Reconnaissance Invoke-Infiltration Invoke-Campaign Get-GuerrillaScore Get-QuickWins Get-ComplianceCrosswalk Export-BudgetJustification Export-ExecutiveSummary Export-TechnicalReport Export-RemediationPlaybook Export-RemediationScripts Set-RiskAcceptance Get-RiskAcceptance Get-TrendReport Export-ReportPdf Export-Dashboard Show-Guerrilla
Dependencies
This module has no dependencies.
Release Notes
v2.4.2 (patch): Show-Guerrilla scan log now shows live, readable progress. The runspace's Write-ProgressLine output (per-phase/per-collector status like "Connecting to Active Directory", "Enumerating certificate templates") is emitted as several Write-Host -NoNewline fragments carrying ANSI colour codes — the GUI now strips the ANSI escapes and reassembles the fragments into clean whole lines instead of dropping or garbling them. Also drains the Warning stream and adds a "... still working (Ns elapsed)" heartbeat so long, quiet collection phases no longer look hung. Footer version now reads from the manifest instead of a hardcoded "v2.3.0". v2.4.1 (patch): Fix Show-Guerrilla "Run Scan" crashing with "The expression after '&' ... was not valid" when a scan completed or failed. The OnLog/OnComplete/OnError callbacks were built with GetNewClosure() inside the Run-button click handler, which snapshots only that handler's own locals — not the function-scope helpers ($appendLog/$resetOperationsUI/$session/$brushes) they reference — so those resolved to $null when the DispatcherTimer fired the callbacks. (Latent since 2.3.0; only surfaced in 2.4.0 once the async completion path was fixed to actually fire callbacks.) The helpers are now localized into the handler scope before the closures are built. Also hardened Invoke-GuerrillaGuiAsync so a throwing callback is downgraded to a warning instead of escaping the timer tick and wedging the window. v2.4.0 (audit release): Show-Guerrilla scans now actually deliver results — the async DispatcherTimer handler was not a closure so completion callbacks could never fire, and results were read from EndInvoke (always empty with the explicit-output BeginInvoke overload) instead of the output collection; a stray non-terminating error mid-scan no longer discards a successful run. Security: vault-staged Google service-account keys are now removed from %TEMP% via try/finally in Invoke-Recon/Invoke-Fortification/Invoke-Campaign (previously the private key lingered after every vault-based scan); Set-Safehouse offers to delete the original key file only AFTER the vault write succeeds; Send-SignalSyslog escapes CEF/LEEF metacharacters and flattens CR/LF/tab in threat-derived fields (log-forgery hardening); Get-Safehouse again masks plaintext secrets found in config.json unless -ShowSecrets. Reliability: every Invoke-RestMethod call now has an explicit timeout (30s alert senders/token/geo, 120s Graph/ARM/Google API wrappers) so a hung endpoint cannot stall a patrol; Save-TheaterState writes atomically; Register-Patrol escapes quotes in generated runner paths; Show-Guerrilla validates STA. Cleanup: ~30 dead assignments removed, shadowed automatic variables ($error, $matches) renamed, stale Set-Safehouse/Get-Safehouse tests rewritten against the vault API (suite: 453 passing). v2.3.1 (patch): Fix Show-Guerrilla scan dispatch — PowerShell.BeginInvoke($null, $output) failed with "Cannot find an overload" because the typed PSDataCollection<T> overload can't infer the generic from $null. Now uses an explicit empty input collection. Also: banner now reads the version from the manifest instead of a hardcoded string, so it can't drift again. v2.3.0: New Show-Guerrilla cmdlet — a WPF Operations Console with five tabs for managing the safehouse, running scans, browsing reports, and configuring patrols. Windows-only; the CLI continues to work everywhere else. v2.2.1: ProjectUri now points at https://guerrilla.army/. v2.2.0: 28 new AD checks across 4 new categories — Network (NTLM-relay preconditions: LDAP/SMB signing, LLMNR/NetBIOS/WPAD, IPv6 mitm6, Spooler/WebClient), TierZero (AAD Connect MSOL_ audit, tier-bleed by service-account name pattern for Veeam/vCenter/SCCM/SQL), Logging (Advanced Audit Policy, PowerShell Script Block/Module Logging, 4688 cmdline, Defender Tamper Protection, WEF, Sysmon), Tradecraft (GPP cpassword scan, DCShadow indicator, stale BitLocker keys, RODC PRP). Plus: cross-platform data paths via Get-PSGuerrillaDataRoot, Set-Safehouse asks 'which environments?' first, banner suppressed in non-interactive sessions, SupportsShouldProcess on state-mutating cmdlets, theater-disambiguating aliases (Invoke-WorkspaceRecon/ADRecon/CloudRecon), score no longer inflates for missing categories, atomic state writes, 30+ bug fixes. Total checks: 459.
FileList
- PSGuerrilla.nuspec
- AI-USAGE.md
- Config\guerrilla-defaults.json
- Public\Export-ExecutiveSummary.ps1
- Public\Get-Safehouse.ps1
- Public\Register-Patrol.ps1
- Public\Send-SignalTwilio.ps1
- Samples\Reconnaissance-AllFail.html
- Data\AuditChecks\ADPrivilegedAccountChecks.json
- Data\AuditChecks\EntraAuthChecks.json
- Data\AuditChecks\M365SharePointChecks.json
- Private\Audit\Invoke-AdminManagementChecks.ps1
- Private\Console\Get-GuerrillaScoreLabel.ps1
- Private\Console\Write-ReconnaissanceReport.ps1
- Private\Core\Get-CloudIpClassification.ps1
- Private\Core\Invoke-PendingKeyFileCleanup.ps1
- Private\Core\Test-DriveExternalSharing.ps1
- Private\Export\Export-CampaignReportJson.ps1
- Private\Export\Export-ReconnaissanceReportCsv.ps1
- Private\Export\Export-WiretapReportHtml.ps1
- Private\Gui\Get-GuerrillaGuiTheme.ps1
- Private\AD\Checks\Invoke-ADAclDelegationChecks.ps1
- Private\AD\Checks\Invoke-ADStaleObjectChecks.ps1
- Private\AD\Core\Get-ADNetworkConfig.ps1
- Private\AD\Core\New-LdapConnection.ps1
- Private\ADMonitor\Detections\Test-ADCertTemplateChange.ps1
- Private\ADMonitor\Detections\Test-ADLdapQueryAnomaly.ps1
- Private\Entra\Checks\Invoke-EntraAuthChecks.ps1
- Private\Entra\Checks\Invoke-M365SharePointChecks.ps1
- Private\Entra\Core\Get-IntuneData.ps1
- Private\EntraMonitor\Detections\Test-EntraAppPermissionGrant.ps1
- Private\EntraMonitor\Detections\Test-EntraPasswordSpray.ps1
- Private\M365Monitor\Detections\Test-M365AuditLogDisablement.ps1
- CHANGELOG.md
- Data\CloudIpRanges.json
- Public\Export-RemediationPlaybook.ps1
- Public\Get-TrendReport.ps1
- Public\Send-Signal.ps1
- Public\Send-SignalWebhook.ps1
- Data\AuditChecks\ADAclDelegationChecks.json
- Data\AuditChecks\ADStaleObjectChecks.json
- Data\AuditChecks\EntraCAChecks.json
- Data\AuditChecks\M365TeamsChecks.json
- Private\Audit\Invoke-AuthenticationChecks.ps1
- Private\Console\Initialize-SpectreCapability.ps1
- Private\Console\Write-SpectreBarChart.ps1
- Private\Core\Get-GuerrillaScoreCalculation.ps1
- Private\Core\New-UserCompromiseProfile.ps1
- Private\Core\Test-EmailForwarding.ps1
- Private\Export\Export-DashboardHtml.ps1
- Private\Export\Export-ReconnaissanceReportHtml.ps1
- Private\Export\Export-WiretapReportJson.ps1
- Private\Gui\Invoke-GuerrillaGuiAsync.ps1
- Private\AD\Checks\Invoke-ADCertificateServicesChecks.ps1
- Private\AD\Checks\Invoke-ADTradecraftChecks.ps1
- Private\AD\Core\Get-ADObjectACLs.ps1
- Private\AD\Core\Resolve-ADSid.ps1
- Private\ADMonitor\Detections\Test-ADComputerAccountCreation.ps1
- Private\ADMonitor\Detections\Test-ADOUPermissionChange.ps1
- Private\Entra\Checks\Invoke-EntraCAChecks.ps1
- Private\Entra\Checks\Invoke-M365TeamsChecks.ps1
- Private\Entra\Core\Get-M365ServiceData.ps1
- Private\EntraMonitor\Detections\Test-EntraAuditLogGap.ps1
- Private\EntraMonitor\Detections\Test-EntraPrivilegedRoleChange.ps1
- Private\M365Monitor\Detections\Test-M365BulkFileExfiltration.ps1
- CONTRIBUTING.md
- Data\ComplianceCrosswalk.json
- Public\Export-RemediationScripts.ps1
- Public\Invoke-Campaign.ps1
- Public\Send-SignalDigest.ps1
- Public\Set-RiskAcceptance.ps1
- Data\AuditChecks\ADCertificateServicesChecks.json
- Data\AuditChecks\ADTradecraftChecks.json
- Data\AuditChecks\EntraFedChecks.json
- Data\AuditChecks\OAuthSecurityChecks.json
- Private\Audit\Invoke-CollaborationChecks.ps1
- Private\Console\Write-CampaignReport.ps1
- Private\Console\Write-SpectrePanel.ps1
- Private\Core\Get-IpGeoData.ps1
- Private\Core\Save-OperationState.ps1
- Private\Core\Test-HighRiskOAuthApp.ps1
- Private\Export\Export-FieldReportCsv.ps1
- Private\Export\Export-ReconnaissanceReportJson.ps1
- Private\Export\Format-SignalContent.ps1
- Private\Gui\Show-GuerrillaWindow.ps1
- Private\AD\Checks\Invoke-ADDomainForestChecks.ps1
- Private\AD\Checks\Invoke-ADTrustChecks.ps1
- Private\AD\Core\Get-ADPasswordPolicies.ps1
- Private\AD\Core\Test-ADModuleAvailability.ps1
- Private\ADMonitor\Detections\Test-ADDCSyncPermission.ps1
- Private\ADMonitor\Detections\Test-ADPrivilegedGroupChange.ps1
- Private\Entra\Checks\Invoke-EntraFedChecks.ps1
- Private\Entra\Core\Get-AzureIAMData.ps1
- Private\EntraMonitor\Core\Get-EntraDirectoryAudits.ps1
- Private\EntraMonitor\Detections\Test-EntraAuthMethodChange.ps1
- Private\EntraMonitor\Detections\Test-EntraRiskySignIn.ps1
- Private\M365Monitor\Detections\Test-M365DefenderAlertChange.ps1
- LICENSE
- Data\HighRiskOAuthApps.json
- Public\Export-ReportPdf.ps1
- Public\Invoke-Fortification.ps1
- Public\Send-SignalEventLog.ps1
- Public\Set-Safehouse.ps1
- Data\AuditChecks\ADDomainForestChecks.json
- Data\AuditChecks\ADTrustChecks.json
- Data\AuditChecks\EntraPIMChecks.json
- Data\AuditChecks\TierZeroChecks.json
- Private\Audit\Invoke-DeviceManagementChecks.ps1
- Private\Console\Write-FieldReport.ps1
- Private\Console\Write-SpectreProgress.ps1
- Private\Core\Get-LocalizedString.ps1
- Private\Core\Save-TheaterState.ps1
- Private\Core\Test-ImpossibleTravel.ps1
- Private\Export\Export-FieldReportHtml.ps1
- Private\Export\Export-SurveillanceReportCsv.ps1
- Private\Google\Get-GoogleAccessToken.ps1
- Private\Vault\Get-GuerrillaCredential.ps1
- Private\AD\Checks\Invoke-ADGroupPolicyChecks.ps1
- Private\AD\Checks\Invoke-TierZeroChecks.ps1
- Private\AD\Core\Get-ADPrivilegedMembers.ps1
- Private\ADMonitor\Core\Compare-ADBaseline.ps1
- Private\ADMonitor\Detections\Test-ADDelegationChange.ps1
- Private\ADMonitor\Detections\Test-ADReplicationAnomaly.ps1
- Private\Entra\Checks\Invoke-EntraPIMChecks.ps1
- Private\Entra\Core\Get-EntraApplicationData.ps1
- Private\EntraMonitor\Core\Get-EntraMonitorThreatScore.ps1
- Private\EntraMonitor\Detections\Test-EntraCAPolicyChange.ps1
- Private\EntraMonitor\Detections\Test-EntraServicePrincipalCred.ps1
- Private\M365Monitor\Detections\Test-M365DLPPolicyChange.ps1
- PSGuerrilla-Sample-Report.html
- Data\KnownAttackerIps.json
- Public\Export-TechnicalReport.ps1
- Public\Invoke-Infiltration.ps1
- Public\Send-SignalMailgun.ps1
- Public\Show-Guerrilla.ps1
- Data\AuditChecks\ADGroupPolicyChecks.json
- Data\AuditChecks\AuthenticationChecks.json
- Data\AuditChecks\EntraTenantChecks.json
- Data\Localization\en-US.json
- Private\Audit\Invoke-DriveSecurityChecks.ps1
- Private\Console\Write-FortificationReport.ps1
- Private\Console\Write-SpectreTable.ps1
- Private\Core\Get-OperationState.ps1
- Private\Core\Test-2svDisablement.ps1
- Private\Core\Test-NewDevice.ps1
- Private\Export\Export-FieldReportJson.ps1
- Private\Export\Export-SurveillanceReportHtml.ps1
- Private\Google\Invoke-GoogleAdminApi.ps1
- Private\Vault\Get-VaultMetadata.ps1
- Private\AD\Checks\Invoke-ADKerberosChecks.ps1
- Private\AD\Core\Get-ADCertificateServices.ps1
- Private\AD\Core\Get-ADStaleObjects.ps1
- Private\ADMonitor\Core\Get-ADBaseline.ps1
- Private\ADMonitor\Detections\Test-ADDnsRecordChange.ps1
- Private\ADMonitor\Detections\Test-ADSchemaChange.ps1
- Private\Entra\Checks\Invoke-EntraTenantChecks.ps1
- Private\Entra\Core\Get-EntraAuthMethodsData.ps1
- Private\EntraMonitor\Core\Get-EntraRiskDetections.ps1
- Private\EntraMonitor\Detections\Test-EntraFederationChange.ps1
- Private\EntraMonitor\Detections\Test-EntraSubscriptionPermChange.ps1
- Private\M365Monitor\Detections\Test-M365EDiscoverySearch.ps1
- PSGuerrilla.format.ps1xml
- Data\RemediationCosts.json
- Public\Get-ComplianceCrosswalk.ps1
- Public\Invoke-Recon.ps1
- Public\Send-SignalPagerDuty.ps1
- Public\Test-Safehouse.ps1
- Data\AuditChecks\ADKerberosChecks.json
- Data\AuditChecks\AzureIAMChecks.json
- Data\AuditChecks\IntuneChecks.json
- Data\Profiles\Default-Baseline.json
- Private\Audit\Invoke-EmailSecurityChecks.ps1
- Private\Console\Write-GuerrillaBanner.ps1
- Private\Console\Write-SpectreTree.ps1
- Private\Core\Get-ResourceConstrainedFixes.ps1
- Private\Core\Test-AdminAction.ps1
- Private\Core\Test-UserAgentAnomaly.ps1
- Private\Export\Export-FortificationReportCsv.ps1
- Private\Export\Export-SurveillanceReportJson.ps1
- Private\Google\Invoke-GoogleReportsApi.ps1
- Private\Vault\Initialize-GuerrillaVault.ps1
- Private\AD\Checks\Invoke-ADLoggingChecks.ps1
- Private\AD\Core\Get-ADDomainControllers.ps1
- Private\AD\Core\Get-ADTierZeroSignals.ps1
- Private\ADMonitor\Core\Get-ADMonitorData.ps1
- Private\ADMonitor\Detections\Test-ADDomainAdminChange.ps1
- Private\ADMonitor\Detections\Test-ADSensitivePasswordChange.ps1
- Private\Entra\Checks\Invoke-IntuneChecks.ps1
- Private\Entra\Core\Get-EntraConditionalAccessData.ps1
- Private\EntraMonitor\Core\Get-EntraSignInEvents.ps1
- Private\EntraMonitor\Detections\Test-EntraGlobalAdminAssignment.ps1
- Private\EntraMonitor\Detections\Test-EntraTenantSettingChange.ps1
- Private\M365Monitor\Detections\Test-M365ExternalSharingChange.ps1
- Data\SuspiciousCountries.json
- Public\Get-DeadDrop.ps1
- Public\Invoke-ReconDemo.ps1
- Public\Send-SignalPushover.ps1
- Public\Unregister-Patrol.ps1
- Data\AuditChecks\ADLoggingChecks.json
- Data\AuditChecks\CollaborationChecks.json
- Data\AuditChecks\LoggingAlertingChecks.json
- Data\Profiles\K12-Baseline.json
- Private\Audit\Invoke-LoggingAlertingChecks.ps1
- Private\Console\Write-GuerrillaText.ps1
- Private\Console\Write-SurveillanceReport.ps1
- Private\Core\Get-TheaterState.ps1
- Private\Core\Test-AfterHoursLogin.ps1
- Private\Core\Test-UserSuspension.ps1
- Private\Export\Export-FortificationReportHtml.ps1
- Private\Export\Export-TrendReportHtml.ps1
- Private\Google\New-GoogleJwt.ps1
- Private\Vault\Read-MissionConfig.ps1
- Private\AD\Checks\Invoke-ADLogonScriptChecks.ps1
- Private\AD\Core\Get-ADDomainInfo.ps1
- Private\AD\Core\Get-ADTradecraftSignals.ps1
- Private\ADMonitor\Core\Get-ADMonitorThreatScore.ps1
- Private\ADMonitor\Detections\Test-ADEnterpriseAdminChange.ps1
- Private\ADMonitor\Detections\Test-ADServiceAccountCreation.ps1
- Private\Entra\Checks\Invoke-M365AuditChecks.ps1
- Private\Entra\Core\Get-EntraFederationData.ps1
- Private\EntraMonitor\Core\New-EntraRiskProfile.ps1
- Private\EntraMonitor\Detections\Test-EntraGuestInvitation.ps1
- Private\EntraMonitor\Detections\Test-EntraUnfamiliarSignIn.ps1
- Private\M365Monitor\Detections\Test-M365ForwardingRule.ps1
- PSGuerrilla.psd1
- Data\ThreatActorProfiles.json
- Public\Get-GuerrillaScore.ps1
- Public\Invoke-Reconnaissance.ps1
- Public\Send-SignalSendGrid.ps1
- Public\Update-ThreatIntel.ps1
- Data\AuditChecks\ADLogonScriptChecks.json
- Data\AuditChecks\DeviceManagementChecks.json
- Data\AuditChecks\M365AuditChecks.json
- Private\Audit\Compare-FortificationState.ps1
- Private\Audit\Invoke-OAuthSecurityChecks.ps1
- Private\Console\Write-InfiltrationReport.ps1
- Private\Console\Write-WatchtowerReport.ps1
- Private\Core\Get-ThreatScore.ps1
- Private\Core\Test-BruteForce.ps1
- Private\Core\Test-WorkspaceSettingChange.ps1
- Private\Export\Export-FortificationReportJson.ps1
- Private\Export\Export-WatchtowerReportCsv.ps1
- Private\Graph\Get-GraphAccessToken.ps1
- Private\Vault\Set-GuerrillaCredential.ps1
- Private\AD\Checks\Invoke-ADNetworkChecks.ps1
- Private\AD\Core\Get-ADGroupPolicyObjects.ps1
- Private\AD\Core\Get-ADTrustRelationships.ps1
- Private\ADMonitor\Core\New-ADChangeProfile.ps1
- Private\ADMonitor\Detections\Test-ADGPOChange.ps1
- Private\ADMonitor\Detections\Test-ADTrustChange.ps1
- Private\Entra\Checks\Invoke-M365DefenderChecks.ps1
- Private\Entra\Core\Get-EntraPIMData.ps1
- Private\EntraMonitor\Detections\Test-EntraAdminUnitChange.ps1
- Private\EntraMonitor\Detections\Test-EntraImpossibleTravel.ps1
- Private\M365Monitor\Core\Get-M365AuditEvents.ps1
- Private\M365Monitor\Detections\Test-M365PowerAutomateFlow.ps1
- PSGuerrilla.psm1
- Data\VpnTorProxies.json
- Public\Get-Patrol.ps1
- Public\Invoke-Surveillance.ps1
- Public\Send-SignalSlack.ps1
- Samples\Fortification-AllFail.html
- Data\AuditChecks\AdminManagementChecks.json
- Data\AuditChecks\DriveSecurityChecks.json
- Data\AuditChecks\M365DefenderChecks.json
- Private\Audit\Get-AuditCategoryDefinitions.ps1
- Private\Audit\New-AuditFinding.ps1
- Private\Console\Write-InterceptAlert.ps1
- Private\Console\Write-WiretapReport.ps1
- Private\Core\Hide-ConfigSecret.ps1
- Private\Core\Test-BulkFileDownload.ps1
- Private\Core\Update-ThreatIntelData.ps1
- Private\Export\Export-InfiltrationReportCsv.ps1
- Private\Export\Export-WatchtowerReportHtml.ps1
- Private\Graph\Invoke-AzureRMApi.ps1
- Private\Vault\Set-VaultMetadata.ps1
- Private\AD\Checks\Invoke-ADPasswordPolicyChecks.ps1
- Private\AD\Core\Get-ADKerberosConfig.ps1
- Private\AD\Core\Get-ReconnaissanceData.ps1
- Private\ADMonitor\Detections\Test-ADAdminSDHolderChange.ps1
- Private\ADMonitor\Detections\Test-ADGPOLinkChange.ps1
- Private\Entra\Checks\Invoke-AzureIAMChecks.ps1
- Private\Entra\Checks\Invoke-M365ExchangeChecks.ps1
- Private\Entra\Core\Get-EntraTenantData.ps1
- Private\EntraMonitor\Detections\Test-EntraAnomalousToken.ps1
- Private\EntraMonitor\Detections\Test-EntraLeakedCredential.ps1
- Private\M365Monitor\Core\Get-M365MonitorThreatScore.ps1
- Private\M365Monitor\Detections\Test-M365TeamsExternalAccess.ps1
- README.md
- Public\Export-BudgetJustification.ps1
- Public\Get-QuickWins.ps1
- Public\Invoke-Watchtower.ps1
- Public\Send-SignalSyslog.ps1
- Samples\Generate-SampleReports.ps1
- Data\AuditChecks\ADNetworkChecks.json
- Data\AuditChecks\EmailSecurityChecks.json
- Data\AuditChecks\M365ExchangeChecks.json
- Private\Audit\Get-AuditPostureScore.ps1
- Private\Audit\Resolve-DomainMailSecurity.ps1
- Private\Console\Write-OperationHeader.ps1
- Private\Core\Find-ThreatActorProfile.ps1
- Private\Core\Initialize-ConfigMigration.ps1
- Private\Core\Test-ConcurrentSessions.ps1
- Private\Export\Export-CampaignReportCsv.ps1
- Private\Export\Export-InfiltrationReportHtml.ps1
- Private\Export\Export-WatchtowerReportJson.ps1
- Private\Graph\Invoke-GraphApi.ps1
- Private\Vault\Show-SafehouseStatus.ps1
- Private\AD\Checks\Invoke-ADPrivilegedAccountChecks.ps1
- Private\AD\Core\Get-ADLogonScripts.ps1
- Private\AD\Core\Invoke-LdapQuery.ps1
- Private\ADMonitor\Detections\Test-ADCertEnrollmentAnomaly.ps1
- Private\ADMonitor\Detections\Test-ADKrbtgtChange.ps1
- Private\Entra\Checks\Invoke-EntraAppChecks.ps1
- Private\Entra\Checks\Invoke-M365PowerPlatformChecks.ps1
- Private\Entra\Core\Get-InfiltrationData.ps1
- Private\EntraMonitor\Detections\Test-EntraAnonymousIp.ps1
- Private\EntraMonitor\Detections\Test-EntraMalwareIp.ps1
- Private\M365Monitor\Core\New-M365ChangeProfile.ps1
- Private\M365Monitor\Detections\Test-M365TransportRuleChange.ps1
- Config\guerrilla-config-schema.json
- Public\Export-Dashboard.ps1
- Public\Get-RiskAcceptance.ps1
- Public\Invoke-Wiretap.ps1
- Public\Send-SignalTeams.ps1
- Samples\Infiltration-AllFail.html
- Data\AuditChecks\ADPasswordPolicyChecks.json
- Data\AuditChecks\EntraAppChecks.json
- Data\AuditChecks\M365PowerPlatformChecks.json
- Private\Audit\Get-FortificationData.ps1
- Private\Console\Get-FortificationScoreLabel.ps1
- Private\Console\Write-ProgressLine.ps1
- Private\Core\Get-AlertDeduplication.ps1
- Private\Core\Invoke-AlertEscalation.ps1
- Private\Core\Test-DomainWideDelegation.ps1
- Private\Export\Export-CampaignReportHtml.ps1
- Private\Export\Export-InfiltrationReportJson.ps1
- Private\Export\Export-WiretapReportCsv.ps1
- Private\Graph\Test-GraphModuleAvailability.ps1
- Private\Vault\Test-CredentialConnectivity.ps1