ThreatHunting - PowerShell collection designed to assist in Threat Hunting Windows systems.

ThreatHunting is a PowerShell collection designed to assist in Threat Hunting Windows systems.
Functions:
– Add-WinEventXMLData : Adds the XML fields of an event log record to the record as properties.
– Hunt-ActivePorts : Gets the active ports for the given computer(s).
– Hunt-ADS : Performs a search for alternate data streams (ADS) on a system.
– Hunt-ArpCache : Gets the ARP cache from all connected interfaces for the given computer(s).
– Hunt-Autoruns : Gets a list of programs that auto-start for the given computer(s).
– Hunt-BitLockerDetails : Gets the current BitLocker details, including the recovery key, of a given system (treat the output as sensitive).
– Hunt-Computer : Gets general system information on a given system. Includes data from Win32_ComputerSystem, Win32_OperatingSystem, and Win32_BIOS. Begins with CIM and falls back to WMI.
– Hunt-DNSCache : Gets the DNS cache from all connected interfaces for the given computer(s).
– Hunt-Drivers : Gets the drivers for the given computer(s). Computer can be a single hostname, FQDN, or IP address.
– Hunt-HostsEntries : Gets the hosts file entries for the given computer(s).
– And many more…

Usage:
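The page does not show usage of the collection itself. As an added example (not code from the ThreatHunting repository), the function below mirrors the pattern the page describes for Hunt-Computer: query Win32_ComputerSystem, Win32_OperatingSystem and Win32_BIOS over CIM first, and fall back to WMI when the CIM session cannot be opened. The function name `Get-HuntComputerInfo`, the `-Computer` parameter and the output fields are this example's own choices; the hostnames in the usage lines are placeholders.

```powershell
# Added example, not part of the ThreatHunting collection. Demonstrates the
# "CIM first, fall back to WMI" pattern described for Hunt-Computer.
# Function name, parameter and output fields are assumptions of this example.
function Get-HuntComputerInfo {
    [CmdletBinding()]
    param(
        # Hostname, FQDN or IP address. Accepts pipeline input so a list of
        # targets can be piped in.
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$Computer = $env:COMPUTERNAME
    )
    process {
        foreach ($target in $Computer) {
            $method = 'CIM'
            try {
                # CIM over WS-Man (WinRM) is the preferred transport.
                $opt  = New-CimSessionOption -Protocol Wsman
                $sess = New-CimSession -ComputerName $target -SessionOption $opt -ErrorAction Stop
                $cs   = Get-CimInstance -CimSession $sess -ClassName Win32_ComputerSystem
                $os   = Get-CimInstance -CimSession $sess -ClassName Win32_OperatingSystem
                $bios = Get-CimInstance -CimSession $sess -ClassName Win32_BIOS
                Remove-CimSession $sess
            }
            catch {
                # Legacy WMI (DCOM/RPC) for hosts where WinRM is not reachable.
                Write-Verbose "CIM failed for $target ($($_.Exception.Message)); falling back to WMI"
                $method = 'WMI'
                try {
                    $cs   = Get-WmiObject -ComputerName $target -Class Win32_ComputerSystem -ErrorAction Stop
                    $os   = Get-WmiObject -ComputerName $target -Class Win32_OperatingSystem -ErrorAction Stop
                    $bios = Get-WmiObject -ComputerName $target -Class Win32_BIOS -ErrorAction Stop
                }
                catch {
                    Write-Warning "Could not query $target over CIM or WMI: $($_.Exception.Message)"
                    continue
                }
            }
            # CIM returns LastBootUpTime as a DateTime; WMI returns a DMTF string
            # that must be converted.
            $lastBoot = if ($method -eq 'CIM') { $os.LastBootUpTime } else { $os.ConvertToDateTime($os.LastBootUpTime) }
            [PSCustomObject]@{
                Computer     = $target
                Method       = $method
                Hostname     = $cs.Name
                Domain       = $cs.Domain
                Manufacturer = $cs.Manufacturer
                Model        = $cs.Model
                OS           = $os.Caption
                OSVersion    = $os.Version
                LastBoot     = $lastBoot
                BIOSSerial   = $bios.SerialNumber
                BIOSVersion  = $bios.SMBIOSBIOSVersion
            }
        }
    }
}

# Usage: a single host, then a list of targets piped in and exported for triage.
# 'host1.corp.example' and '10.0.0.5' are placeholder targets.
Get-HuntComputerInfo -Computer 'localhost' -Verbose
'host1.corp.example', '10.0.0.5' | Get-HuntComputerInfo | Export-Csv .\hunt-computer.csv -NoTypeInformation
```

Get-WmiObject exists only in Windows PowerShell 5.1; on PowerShell 7 the equivalent fallback is a second CIM session built with `New-CimSessionOption -Protocol Dcom`. Recording which transport answered (the Method field) is worth keeping in a hunt: a host that only responds over DCOM usually has WinRM disabled or firewalled, which is itself a finding to follow up.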

Source: https://github.com/DLACERT