PSGumshoe

1.7.3

PowerShell module for data collection, incident response, hunting, and security analysis

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSGumshoe

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked and won't include any dependencies.
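The following is an added example, not code from the PSGumshoe project or from this gallery page. It walks through the PowerShellGet path described above the way a practitioner would actually run it: inspect the gallery entry first, install a pinned version for the current user, verify what landed on disk, and enumerate the exported commands. The final call to Get-SysmonProcessCreateEvent with a -Path parameter is an assumption about that function's interface (the gallery page lists only the function name), and the sysmon.evtx file it reads is a hypothetical export you would supply yourself; Get-Help is run first so you can confirm the real parameters.

```powershell
# Added example (not from PSGumshoe or the PowerShell Gallery page): install a
# pinned version of PSGumshoe, confirm what was installed, and list its commands.

$moduleName = 'PSGumshoe'
$version    = '1.7.3'   # the version shown on this page

# Pin the version instead of taking "latest": a later gallery upload, whether by
# the author or by someone who took over the account, would otherwise be pulled
# in silently the next time this runs.
Find-Module -Name $moduleName -RequiredVersion $version |
    Select-Object Name, Version, Author, PublishedDate

# Install for the current user only: no elevation, no machine-wide change.
Install-Module -Name $moduleName -RequiredVersion $version -Scope CurrentUser

# Verify that the pinned version is what actually ended up on disk.
$installed = Get-InstalledModule -Name $moduleName -RequiredVersion $version -ErrorAction SilentlyContinue
if (-not $installed) { throw "$moduleName $version was not installed" }
$installed | Select-Object Name, Version, InstalledLocation, Repository

# Enumerate the exported commands; these are the functions listed on this page.
Import-Module -Name $moduleName -RequiredVersion $version
Get-Command -Module $moduleName | Sort-Object Name | Select-Object Name, CommandType

# Read the real parameter list before calling any of the functions.
Get-Help -Name Get-SysmonProcessCreateEvent -Parameter *

# ASSUMED interface: -Path pointing at an exported Sysmon .evtx file. Replace the
# path with your own export; sysmon.evtx here is a hypothetical file name.
Get-SysmonProcessCreateEvent -Path 'C:\Cases\case01\sysmon.evtx' |
    Select-Object -First 5

# Offline / air-gapped alternative to the "manually download the .nupkg" option:
# Save-Module fetches and unpacks the module into a staging folder that can be
# copied into a directory on $env:PSModulePath on the target host.
$stage = Join-Path -Path $env:TEMP -ChildPath 'psgumshoe-stage'
Save-Module -Name $moduleName -RequiredVersion $version -Path $stage
Get-ChildItem -Path (Join-Path -Path $stage -ChildPath $moduleName) -Recurse |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path   # record these before the copy, compare after
```

Find-Module and Get-InstalledModule are PowerShellGet cmdlets; Get-Command, Get-Help and Get-FileHash are built in. The hash listing at the end is what you keep with the case notes when the module is carried onto an isolated host, so that what runs there can be tied back to what was downloaded here.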

Author(s)

Carlos Perez (carlos_perez@darkoperator.com)

Functions

Get-InjectedThread
Get-NamedPipe
Measure-CharacterFrequency
Measure-DamerauLevenshteinDistance
Measure-VectorSimilarity
Stop-Thread
Get-DSForest
Get-DSDirectoryEntry
Get-DSDirectorySearcher
Get-DSComputer
Get-DSDomain
Get-DSGpo
Get-DSUser
Get-DSGroup
Get-DSReplicationAttribute
Get-DSGroupMember
Get-DSOU
Get-DSTrust
Get-DSObjectAcl
Get-EventPsEngineState
Get-EventPsPipeline
Get-EventPsIPC
Get-EventPsScriptBlock
Get-WinEventBaseXPathFilter
Get-SysmonProcessAccess
Get-SysmonConfigChange
Get-SysmonConnectNamedPipe
Get-SysmonCreateNamedPipe
Get-SysmonCreateRemoteThreadEvent
Get-SysmonDriverLoadEvent
Get-SysmonFileCreateEvent
Get-SysmonFileStreamHash
Get-SysmonFileTime
Get-SysmonFileDeleteDetectedEvent
Get-SysmonImageLoadEvent
Get-SysmonNetworkConnect
Get-SysmonProcessCreateEvent
Get-SysmonProcessTampering
Get-SysmonProcessTerminateEvent
Get-SysmonRawAccessRead
Get-SysmonRegistryKey
Get-SysmonRegistryRename
Get-SysmonRegistrySetValue
Get-SysmonServiceStateChange
Get-SysmonWmiBinding
Get-SysmonWmiConsumer
Get-SysmonWmiFilter
Get-SysmonDNSQuery
Get-SysmonProcessActivityEvent
Get-SysmonClipboardChange
Get-SysmonError
Get-EventSystemLogon
Get-EventSystemLogoff
Get-EventTerminalLogon
Get-EventTerminalLogoff
Get-EventScheduledTaskStart
Get-EventScheduledTaskProcess
Get-EventScheduledTaskStop
Get-EventScheduledTaskComplete
Get-EventBitsTransferComplete
Get-EventBitsTransferStart
Get-SysmonAccessMask
Get-SysmonRuleHash
ConvertTo-SysmonRule
Get-EventProcessCreate
Clear-WinEvent
Export-WinEvent
Get-EventWmiQueryError
Get-CimLogonSession
Get-CimProcessLogonSession
Get-CimProcess
Get-CimComputerInfo
Get-CimDNSCache
Get-CimNetLogon

Dependencies

This module has no dependencies.

Version History

Version                  Downloads   Last updated
1.7.3 (current version)  182         4/22/2021
1.7.2                    6           4/21/2021
1.7.1                    57          3/13/2021
1.7                      5           3/13/2021
1.6                      60          1/13/2021
1.5                      79          6/3/2020
1.3                      4           6/2/2020