By: | 636,152 downloads | Last Updated: 1/30/2016 | Latest Version: 1.1.1

A Digital Forensics framework for Windows PowerShell.

By: | 79,556 downloads | Last Updated: 12/11/2024 | Latest Version: 1.17.1

This module tries to enumerate all the persistence techniques implanted on a compromised machine.

By: | 8,517 downloads | Last Updated: 1/30/2016 | Latest Version: 1.1.1

A Digital Forensics framework for Windows PowerShell.

By: | 4,637 downloads | Last Updated: 5/13/2017 | Latest Version: 0.6.0.0

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CIM/WMI obviates the need for the installation of a host-based agent. The WMI service is running by default on all versions of Windows.

By: | 2,936 downloads | Last Updated: 2/18/2016 | Latest Version: 1.1.1

A Digital Forensics framework for Windows PowerShell.

By: | 1,556 downloads | Last Updated: 12/8/2021 | Latest Version: 1.6.1

A cloud forensics module to run threat hunting playbooks on data from Azure and O365

By: | 254 downloads | Last Updated: 9/22/2025 | Latest Version: 2.4.1

The DFIR-O365RC module will extract logs from the unified audit log (using Exchange Online and Purview), Entra ID Sign In logs, Entra ID Audit Logs, Azure Monitor and Azure DevOps activity logs

By: | 33 downloads | Last Updated: 3/9/2026 | Latest Version: 1.1.0

PowerTriage is a lightweight, dependency-free PowerShell script designed for Incident Response (DFIR) on compromised Windows devices. It collects critical artifacts (Network, Process, Persistence, System, Browsers) and packages them for analysis. Features: - Zero Dependencies: Runs on standard PowerShell 5.1+ - Modular: Full or Minimal collection ...

By: | 50 downloads | Last Updated: 1/9/2026 | Latest Version: 1.0

A comprehensive PowerShell toolkit for threat hunting, digital forensics, and incident response (DFIR). Provides "Hunt" functions to detect persistence mechanisms, analyze system artifacts, search event logs, and generate detailed forensic reports.

By: | 6 downloads | Last Updated: 2/19/2026 | Latest Version: 0.4.0-rc1

Comprehensive Windows security posture analysis and attack surface assessment tool. Covers 23 security categories including hardware security (TPM/VBS/Secure Boot), BitLocker, Microsoft Defender ASR rules, exploit protection, privacy settings, network security, remote access, WSL, PowerShell security, authentication policy, scheduled tasks, and Win...

By: | 1 download | Last Updated: 4/18/2026 | Latest Version: 1.0.0

Audit Windows persistence locations: registry Run keys, scheduled tasks and unsigned autorun binaries. JSON / HTML report.

By: | 1 download | Last Updated: 4/18/2026 | Latest Version: 1.0.0

Audit Windows services for unquoted paths, weak ACLs and risky service accounts. JSON / HTML report.

By: | 1 download | Last Updated: 4/18/2026 | Latest Version: 1.0.0

Audit Kerberos posture in Active Directory: unconstrained delegation, duplicate SPNs and AS-REP roastable accounts.

By: | 1 download | Last Updated: 4/18/2026 | Latest Version: 1.0.0

Audit Windows Print Spooler exposure (PrintNightmare): spooler state, Point-and-Print restrictions, unsigned drivers, package install policy.