
Invoke-LiveResponse is a live incident response tool for targeted collection. There are two main modes of use in Invoke-LiveResponse and both are configured by a…

Knocker is an Endpoint Security Assessment Framework. Users can create different types of executable files that will help to assess endpoints by trying different techniques…

LEGAL DISCLAIMER: The author does not hold any responsibility for the bad use of this script. Remember that attacking targets without prior consent is illegal…

THRecon is a PowerShell module providing a Threat-Hunting and Reconnaissance toolkit. Function Feature: + Get-THR_ADS: Performs a search for alternate data streams (ADS) on a system…

sRDI is a Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode. sRDI allows for the conversion of DLL files to position…

The goal of Revoke-Obfuscation research and these frameworks was to highlight the limitations of a purely signature-based approach to detecting attackers’ usage of PowerShell. The…

Get-Baseline is a wrapper PowerShell script for a number of functions that automates the initial tasks in an incident response scenario. Prerequisites: + on Targets:…

B2Response (beta) is a PowerShell script that serves as a logged PS Remote command wrapper for simplified Blue Team forensics/IR. Dependencies: + PowerShell v3.0 or higher. Some Features:…