Top 12 PowerShell DFIR Projects
- AzureHunter: A cloud forensics PowerShell module to run threat hunting playbooks on data from Azure and O365.
- sysmon-config: Advanced Sysmon ATT&CK configuration focusing on detecting the most techniques per data source in MITRE ATT&CK, providing visibility into forensic artifact events for UEBA, detecting exploitation events with wide CVE coverage, and risk scoring of CVE, UEBA, forensic, and MITRE ATT&CK events. (by ion-storm)
- MemProcFS-Analyzer: Automated forensic analysis of Windows memory dumps for DFIR.
- Trawler: PowerShell script to help incident responders discover potential adversary persistence mechanisms.
- WindowsDFIR: Repository for different Windows DFIR related commands, PowerShell cmdlets, etc., plus workshops that the author gave at different conferences or events.
I was specifically using the https://github.com/olafhartong/sysmon-modular config, but once we started seeing systems crash I tried building extremely minimal configs and still found them causing hangs.
Project mention: Non-SysAdmin Use Cases for PowerShell? Basically, any use cases NOT involving network, RDP, system config, IT/LAN admin type stuff? | /r/PowerShell | 2023-05-10

I use it for DFIR work - example - https://github.com/joeavanzato/Trawler
PowerShell DFIR related posts
- Sysmon 15.0 is out now with advanced features
- Sharing a tool I developed to help Blue Teamers discover Persistence on Windows - please check it out!
- User was hacked and sent out malware via their company email however unable to find out how?
- Sharing a new tool I made for aiding my analysis of persistence mechanisms on Windows - Trawler
- Splunk & Sysmon as SIEM
- Looking for inputs and validation for this network setup.
Index
What are some of the best open-source DFIR projects in PowerShell? This list will help you:
Rank | Project | Stars
---|---|---
1 | sysmon-modular | 2,485
2 | AzureHunter | 755
3 | sysmon-config | 749
4 | WELA | 651
5 | DetectionLabELK | 525
6 | MemProcFS-Analyzer | 401
7 | Trawler | 287
8 | Collect-MemoryDump | 213
9 | Win10 | 163
10 | WindowsDFIR | 71
11 | Queries | 67
12 | Power-Response | 61