Automated Forensic Analysis of Windows Memory Dumps for DFIR.

MemProcFS-Analyzer.ps1 is a PowerShell script utilized to simplify the usage of MemProcFS and to optimize your memory analysis workflow.

Powershell Based tool for gathering information related to O365 intrusions and potential Breaches

AADInternals is PowerShell module for administering Azure AD and Office 365.

• AADInternals @ GitHub.
• AADInternals documentation.

PowerShell-Hunter is a growing collection of PowerShell-based threat hunting tools designed to help defenders investigate and detect malicious activity in Windows environments. This project aims to provide security analysts with powerful, flexible tools that leverage PowerShell's native capabilities for threat hunting.

Related contents:

• THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January] @ Cybersecurity Newsletters' LinkedIn.

The Microsoft Graph software development kits (SDKs) are designed to simplify building high-quality, efficient, resilient applications that access Microsoft Graph. The SDKs include two components: a service library and a core library.

The service library contains models and request builders generated from Microsoft Graph metadata. The service library provides a rich, strongly-typed, and discoverable experience when working with the many datasets available in Microsoft Graph.

• Microsoft Graph SDK for PHP @ GitHub.

GPOZaurr is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. GPOZaurr provides 360 degrees of information about Group Policies and their settings.

The command-not-found module is a feedback provider plugin for PowerShell. This feedback provider depends on the command-not-found utility, which is often available on Linux by default, to provide suggestions when a native command cannot be found.

bash also calls the command-not-found utility to provide suggestions when a command cannot be found. But this feedback provider plugin does more than that, thanks to the command-line predictor feature in PowerShell. It also implements the ICommandPredictor interface and serves as a predictor. When the resulted feedback contains actionable items, such as commands to run, they will be used as predictive suggestions to streamline the user's command-line experience.

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

• ADRecon, un outil en PowerShell pour collecter des informations sur l’Active Directory @ IT-Connect .

Monitor changes in Active Directory with replication metadata.

Tool for monitor Active Directory changes in real time without getting all objects. Instead of this it use replication metadata and Update Sequence Number (USN) to filter current properties of objects.

• ADSpider - Monitor changes in Active Directory with replication metadata @ Laurent M.'s LinkedIn .

CLI AI Assistant

A simple command-line AI assistant that translates natural language into shell commands. Supports all Windows and Unix-based systems (Linux, MacOS).

• Episode 585 - Choosy Moms Choose Ubuntu @ Linux Unplugged.

Document Your Datacenter With PowerShell.

As Built Report is an open source configuration document framework which utilises Microsoft PowerShell to produce as-built documentation in multiple document formats for multiple vendors and technologies. The framework allows users to easily generate clear and consistent documentation, for any environment which supports Microsoft PowerShell and/or a RESTful API.

• AsBuiltReport.Core @ GitHub.
• Microsoft AD As Built Report @ GitHub.
• HomeLab: Active Directory Documentation using AsBuiltReport @ TechMyth.

This module provides an easy way to cleanup Active Directory from dead/old objects based on various criteria. It can also disable, move or delete objects. It can utilize Azure AD, Intune and Jamf to get additional information about objects before deleting them.

CleanupMonster is a PowerShell module to that helps you clean up Active Directory. It's a complete solution that allows you to remove stale Computer (Users will be added in future) objects from Active Directory. It's a very advanced module with many options and you can easily customize it to your needs. Please make sure to run this module with proper permissions or you may get wrong results. By default Active Directory domain allows a standard user to read LastLogonDate and LastPasswordSet attributes. If you have changed those settings you may need to run the module with elevated permissions even for reporting needs.

Related contents

• Ordinateurs inactifs : comment nettoyer l’Active Directory avec CleanupMonster ? @ IT Connect .

Your Microsoft Security test automation framework!

Monitor your Microsoft 365 tenant's security configuration using Maester!

Maester is an open source PowerShell-based test automation framework designed to help you monitor and maintain the security configuration of your Microsoft 365 environment.

• Maester @ GitHub.
• Maester, l’outil pour automatiser vos tests de sécurité Microsoft 365 @ IT Connect .

Arcane - A secure remote desktop application for Windows with the particularity of having a server entirely written in PowerShell and a cross-platform client (Python/QT6).

Arcane, previously known as PowerRemoteDesktop, is a remote desktop application distinguished by its server being entirely written in PowerShell.

The server is implemented as a single PowerShell script that can also be used as a module that can be run on any Windows machine with PowerShell 5.1 or later (higher versions are recommended for better performance). It has been tested on Windows 10 (both x86-32 and x86-64 architectures) and Windows 11 x86-32, x86-64 and ARM64.

VirtualGHOST Detection Tool

This repository contains a PowerShell script leveraging VMWare PowerCLI to identify unregistered VMWare Virtual Machines (VMs) that are powered on by comparing the list of VMs registered in the inventory (vCenter or ESXi) vs. those that are powered on.

• VirtualGHOST : détectez les machines virtuelles cachées par les attaquants sur VMware ESXi @ IT-Connect .

Identify the accounts most vulnerable to dictionary attacks.

PassTester is a tool for finding user passwords that are most vulnerable to dictionary attacks. The aim is to prompt the users concerned to choose a more secure password.

• Comment peut-on évaluer la résistance des mots de passe utilisateurs aux attaques par dictionnaire lors d'un audit de sécurité ? @ Aurélien BOURDOIS's LinkedIn .

Secure infrastructure in minutes. Hardening Active Directory and Office 365.

• Harden @ GitHub.
• Hardening AD : Sécuriser vos infrastructures avec HardenAD @ Hamza Kondah's LinkedIn .
• bonnes pratiques en termes de configurations et durcissements autour de l'Active Directory @ Laurent M.'s LinkedIn .

PowerShell Training for the People.

Under the Wire trains experienced, developing, and novice Information Technologists to use Windows PowerShell in a variety of situations through innovative and fun wargames.

• Under The Wire, un wargame pour apprendre PowerShell @ IT-Connect .

The ubiquitous test and mock framework for PowerShell.

• Pester @ GitHub.

A simple, fun, and interactive way to learn the PowerShell language through Pester unit testing.

Inspired by Chris Marinos' fantastic F# koans, the goal of the PowerShell koans is to teach you PowerShell by presenting you with a set of questions. Each kōan (each question) is represented by a failing Pester test. Your goal is to make those tests pass by filling out the correct answer, or writing the correct code. The koans start very simple to get you familiar with the basic concepts and progress towards more difficult. Teaching you multiple beginner, intermediate and advanced aspects of PowerShell in the process.

• Comment apprendre et progresser en PowerShell à l’aide de PSKoans ? @ IT-Connect .