365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (We recommend installing the AzureADPreview module), Exchange administration, Microsoft Graph, Microsoft Intune, Microsoft Teams, and Sharepoint administration. The 365Inspect.ps1 PowerShell script will validate the installed modules. If you do not have these modules installed, you will be prompted to install them, and with your approval, …
Tag Archives: PowerShell Script
Live-Forensicator : Powershell Script To Aid Incidence Response And Live Forensics
Live Forensicator is part of the Black Widow Toolbox, its aim is to assist Forensic Investigators and Incidence responders in carrying out a quick live forensic investigation. It achieves this by gathering different system information for further review for anomalous behaviour or unexpected data entry, it also looks out for unusual files or activities and …
CSIRT-Collect : PowerShell Script To Collect Memory And (Triage) Disk Forensics
CSIRT-Collect is a PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission requirements for said directory will be dependent on the nuances of …
Continue reading “CSIRT-Collect : PowerShell Script To Collect Memory And (Triage) Disk Forensics”
CSIRT-Collect : PowerShell Script To Collect Memory And (Triage) Disk Forensics
CSIRT-Collect is a PowerShell script to collect memory and (triage) disk forensics for incident response investigations. The script leverages a network share, from which it will access and copy the required executables and subsequently upload the acquired evidence to the same share post-collection. Permission requirements for said directory will be dependent on the nuances of …
Continue reading “CSIRT-Collect : PowerShell Script To Collect Memory And (Triage) Disk Forensics”
CredPhish : A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS
CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender’s ConfigSecurityPolicy.exe to perform arbitrary GET requests. For a walkthrough, see the Black Hills Infosec publication. How To Phish For User Passwords With PowerShell Spoofing credential prompts is an effective privilege escalation and lateral movement …
Invoke-Stealth : Simple And Powerful PowerShell Script Obfuscator
Invoke-Stealth is a Simple & Powerful PowerShell Script Obfuscator. This tool helps you to automate the obfuscation process of any script written in PowerShell with different techniques. You can use any of them separately, together or all of them sequentially with ease, from Windows or Linux. Requirements Powershell 4.0 or higher Bash* Python 3* *Required to …
Continue reading “Invoke-Stealth : Simple And Powerful PowerShell Script Obfuscator”