oneoffdallas/check_ioc
Check_ioc is a script that checks for various selectable indicators of compromise on Windows systems via PowerShell and Event Logs. It was primarily written to be run on a schedule from a monitoring engine such as Nagios; however, it may also be run from the command line (for incident response). For more information on the script and the logic behind it, check out https://www.linuxincluded.com/uncovering-indicators-of-compromise.
PowerShell, GPL-2.0
Stargazers
- 0xbadjujuNetSPI
- a3rosol
- acnwgirl
- akai-z@myjamstore
- blkbrd
- chudamax
- Cnlouds
- coonsmatthew
- darkr4yPand0ra
- hslatman@smallstep
- iamtutuAbu Dhabi
- icanhasflag
- jarhoadsPittsburgh
- m8urnettXato
- marcpretNew York
- MattHodgeStackOverflow
- mattulmUSA
- mcleodjp
- menendezjaume
- mgaulton
- mgreen27Sydney
- nullbind@NetSPI
- opexxxNeedToKnow Ltd.
- opsecure
- redteamcaliberREDTEAM Security Systems, Ltd
- Ricardo-GarridoRIS 2048
- rmusser01Someplace
- Scarthan
- sirrushooUSA
- Status-418
- SteevBBlack Diamond Memory
- tikumsSwitzerland
- trietptmTRIETPTM INFOSEC
- whitehat-zero
- willemdhOutsideIT
- xhd4BI.ZONE