A really good DFIR automation tool for collecting and analyzing evidence, designed for cybersecurity professionals.
ForensicMiner, a PowerShell-based DFIR automation tool, revolutionizes the field of digital investigations. Designed for efficiency, it automates artifact and evidence collection from Windows machines. Compatibility with Falcon CrowdStrike RTR and Palo Alto Cortex XDR Live Terminal, along with its swift performance and user-friendly interface, makes ForensicMiner an indispensable asset for investigators navigating the complexities of forensic analysis. Streamlined and effective, this tool sets a new standard in the realm of digital forensics.
(Self fix): a tool allowing users to solve their issues themselves and reduce tickets/calls to your support team.
PowerHuntShares is an audit script designed to inventory, analyze, and report excessive privileges configured on Active Directory domains.
PowerHuntShares is a PowerShell tool designed to help cybersecurity teams and penetration testers better identify, understand, attack, and remediate SMB shares in the Active Directory environments they protect.
PersistenceSniper is a PowerShell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. It is also available on PowerShell Gallery and it is digitally signed with a valid code signing certificate. The tool is under active development with new releases coming out by the week, so make sure to use the up-to-date version. Official Twitter/X account @PersistSniper.
Create an API for any website, in any programming language, without writing a line of code