Skip to content

JavelinNetworks/IR-Tools

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Collection of Microsoft PowerShell modules that can be used to aid with forensics of domain based attacks on an infected host.

CodeExecution

Execute code on a target machine using Import-Module.

Get-ShellContent

Extracts live input and output of any commandline process, running or dumped, encrypted or plaintext from a remote computer.

Get-SessionsAnomaly

Finds existence of Pass-The-Ticket and Pass-The-Hash attacks on a remote machine.

License

The IT-Tools project and all individual scripts are under the [BSD 3-Clause license] unless explicitly noted otherwise.

Usage

To install any of these modules, drop the powershell scripts into a directory and type Import-Module PathTo\scriptName.ps1

Then run the Module from the Powershell.

Refer to the comment-based help in each individual script for detailed usage information.

Releases

No releases published

Packages

No packages published