Pinned Repositories
Anydesk_Forensics
AutomatedProfiler
Automated forensics written in PowerShell
BlueSpectrum
An IOC framework written in PowerShell
Group_Policy
A series of GPO templates
Invoke-Fail2Ban
PowerShell version of Fail2Ban
Invoke-HiveNightmare
PoC for CVE-2021-36934, which allows a standard user to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer
Invoke-SRUMDump
A pure PowerShell/.NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
PoSh-R2
PowerShell - Rapid Response... For the incident responder in you!
PoSh-R2_GUI
GUI version of PoSh-R2
PowerShell
A series of scripts
WiredPulse's Repositories
WiredPulse/PoSh-R2
PowerShell - Rapid Response... For the incident responder in you!
WiredPulse/PowerShell
A series of scripts
WiredPulse/Invoke-HiveNightmare
PoC for CVE-2021-36934, which allows a standard user to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer
WiredPulse/AutomatedProfiler
Automated forensics written in PowerShell
WiredPulse/Anydesk_Forensics
WiredPulse/Invoke-SRUMDump
A pure PowerShell/.NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
WiredPulse/Invoke-Fail2Ban
PowerShell version of Fail2Ban
WiredPulse/Invoke-AZExplorer
Microsoft Azure Survey
WiredPulse/TeamViewer_Forensics
A series of functions to parse TeamViewer logs to answer specific questions
WiredPulse/ConnectWise_Forensics
WiredPulse/IIS_Log_Parser
IIS Logs
WiredPulse/EventLog_Parsers
Series of scripts to parse the event log for analysis
WiredPulse/Invoke-HAFNIUMCheck.ps1
Script used to identify compromise via CVEs 2021-26855, 26857, 26858, and 27065
WiredPulse/Briefs-and-Guides
WiredPulse/Invoke-ProcessSuspend
Suspending Processes using PS
WiredPulse/RMM_hunt
Google SecOps script to identify remote access tools
WiredPulse/CVE-Checker
Collection of scripts to check for CVEs
WiredPulse/Invoke-HashFinder
Searches for a supplied list of SHA1 or SHA256 hashes on a system. Requires either a file size or creation date that is associated with the binary that the hashes were retrieved from.
WiredPulse/Invoke-HiveDreams
A capability to identify and remediate CVE-2021-36934 (HiveNightmare)
WiredPulse/Invoke-PrinterNightmareResponse
WiredPulse/PoSh-Bitvise-Log-Parser
Parsing Bitvise logs with PowerShell
WiredPulse/FirstAlert
A very simple script to aid in preventing ransomware payloads
WiredPulse/Get-TeamsFiles
Downloads all files that you've ever uploaded to Microsoft Teams
WiredPulse/HiveNightmare
Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
WiredPulse/Invoke-PSSlack
Slack + PowerShell = :)
WiredPulse/Invoke-RegParser
WiredPulse/Invoke-SinkholeDomain
Sinkholes domains
WiredPulse/PowerShell-Saturday
This repository is a place to store Speaker content for the Raleigh PowerShell Saturday events.
WiredPulse/PS_RMM_Hunt
WiredPulse/which-reality
PHP code to determine which reality (Server OS and web app versions) the app is running in (yeah... it's a play on Rick and Morty)