PowerGRR by swisscom

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.

updated at Aug. 26, 2023, 6:23 p.m.

21 +0

56 +0

7 +0

Invoke-LiveResponse by mgreen27

Invoke-LiveResponse

updated at Aug. 24, 2024, 4:40 p.m.

13 +0

145 +0

29 +0

PowerSponse by swisscom

PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.

updated at Sept. 10, 2024, 5:40 a.m.

16 +0

38 +0

6 +0

MFT_Browser by kacos2000

$MFT directory tree reconstruction & FILE record info

updated at Oct. 29, 2024, 9:41 p.m.

13 +0

292 +0

32 +0

WELA by Yamato-Security

WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅（ウェラ）

updated at Nov. 13, 2024, 1:35 p.m.

18 +0

763 +1

82 +0

Meerkat by TonyPhipps

A collection of PowerShell modules designed for artifact gathering and reconnaisance of Windows-based endpoints.

updated at Nov. 15, 2024, 5:06 p.m.

31 +0

435 +0

82 +0

CimSweep by mattifestation

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows.

updated at Nov. 16, 2024, 11:05 p.m.

75 +1

650 +5

148 +0

flare-vm by mandiant

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

updated at Nov. 17, 2024, 7:42 a.m.

200 +0

6,588 +24

919 +2

sysmon-modular by olafhartong

A repository of sysmon configuration modules

updated at Nov. 17, 2024, 2:42 p.m.

165 +0

2,664 +6

590 +2