Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365

MasterParser is a powerful DFIR tool designed for analyzing and parsing Linux logs

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

PowerShell Digital Forensics & Incident Response Scripts.

Cover various security approaches to attack techniques and also provides new discoveries about security breaches.

The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Product Group in conjunction with the Microsoft Detection and Response Team (DART), to assist in compromise response.

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

PowerShell script helping Incident Responders discover potential adversary persistence mechanisms.

Awesome Incident Response

Microsoft Sentinel SOC Operations

Collect-MemoryDump - Automated Creation of Windows Memory Snapshots for DFIR

Build a fast, free, and effective Threat Hunting/Incident Response Console with Windows Event Forwarding and PowerBI

Invoke-LiveResponse

ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills.

PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.

A PowerShell incident response script for quick triage

A curated repository of incident response playbooks

Powering Up Incident Response with Power-Response

PowerGRR is an API client library in PowerShell working on Windows, Linux and macOS for GRR automation and scripting.