🔎 Threat Hunter`s Collection (THC)

The Threat Hunter's Collection is a single PowerShell script that consolidates a diverse array of tools, a beginning to creating a comprehensive toolkit for cyber threat hunters.

This collection aims to simplify the threat hunting process by providing a single point of access to various tools, eliminating the need for tedious setup, sourcing downloads, or complex commands.

The toolkit promotes portability, allowing hunters to be creative—whether on a USB drive, as an email template, or CURL it from a repository for convenient and efficient threat hunting on the go. Explore the tools, contribute to the project, and enhance your threat hunting capabilities with the Threat Hunter's Collection.

✅ Features

Host Info - Enumerate host info + stdout to an exportable .txt File
Sysmon - Log system activity to the Windows Event Log
DeepBlueCLI - Hunt via Sysmon & Windows Event Logs
AutoRuns - Hunt for scheduled tasks and persistence.
ProcMon - Hunt file system, registry, & process/thread activity
ProcExp - Hunt DLLs Processes
TCPView - Hunt all TCP and UDP connections
AccessEnum - Hunt file system, registry, permissions security settings
WizTree - Hunt file structure

⚙️ How to Start

Download the single THC powershell script (Optional: You can move the script to your desktop)

Run a powershell terminal as administrator.

Traverse to your download folder or desktop (depending on where THC.ps1 is)

Enable scripting by pasting this to your terminal (also found in the first line of the powershell script so you don't have to come here to copy pasta)

powershell.exe -noprofile -executionpolicy bypass -file .\THC.ps1