A repository of sysmon configuration modules
updated at Nov. 17, 2024, 2:42 p.m.
CimSweep is a suite of CIM/WMI-based tools that enables incident response and hunting operations to be performed remotely across all versions of Windows.
updated at Nov. 16, 2024, 11:05 p.m.
A collection of PowerShell modules designed for artifact gathering and reconnaissance of Windows-based endpoints.
updated at Nov. 15, 2024, 5:06 p.m.
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
updated at Nov. 13, 2024, 1:35 p.m.
$MFT directory tree reconstruction & FILE record info
updated at Oct. 29, 2024, 9:41 p.m.
PowerSponse is a PowerShell module focused on targeted containment and remediation during incident response.
updated at Sept. 10, 2024, 5:40 a.m.