├── .github └── ISSUE_TEMPLATE │ ├── bug-report.md │ └── feature-request.md ├── .gitignore ├── Config.example.psd1 ├── Extras ├── Extras.md ├── PR_Logo.PNG ├── Plugin-Template.ps1 ├── Power-Response.GIF ├── Power-Response_Eradicate_Template.csv ├── Power-Response_Import-Computers_Template.csv ├── Power-Response_Path-Import_Template.csv ├── Power-Response_Scoping_Template.csv └── Powering-Up-Incident-Response-with-Power-Response_Security_BsidesMSP.pdf ├── LICENSE ├── Plugins ├── Analysis │ ├── Analyze-Amcache.ps1 │ ├── Analyze-EventLogFiles.ps1 │ ├── Analyze-Jumplists.ps1 │ ├── Analyze-MaliciousDNSCache.ps1 │ ├── Analyze-MaliciousLocalUsers.ps1 │ ├── Analyze-MaliciousPrefetchListing.ps1 │ ├── Analyze-MaliciousProcessDLLs.ps1 │ ├── Analyze-MaliciousProcesses.ps1 │ ├── Analyze-MaliciousRunKeys.ps1 │ ├── Analyze-MaliciousScheduledTaskInfo.ps1 │ ├── Analyze-MaliciousServices.ps1 │ ├── Analyze-MaliciousUserAssist.ps1 │ ├── Analyze-MaliciousWMIBindings.ps1 │ ├── Analyze-NTFSArtifacts.ps1 │ ├── Analyze-Prefetch.ps1 │ ├── Analyze-RecentItems.ps1 │ ├── Analyze-RecycleBin.ps1 │ ├── Analyze-RegistryHives.ps1 │ ├── Analyze-Shellbags.ps1 │ └── Analyze-ShimCache.ps1 ├── Configuration │ ├── Collect-LocalUsers.ps1 │ ├── Collect-SystemInfo.ps1 │ └── Collect-UserProfileListing.ps1 ├── Disk │ ├── Collect-DownloadsListing.ps1 │ ├── Retrieve-FLSBody.ps1 │ ├── Retrieve-Items.ps1 │ ├── Retrieve-NTFSArtifacts.ps1 │ ├── Retrieve-RecycleBin.ps1 │ ├── Retrieve-RegistryHives.ps1 │ └── Retrieve-Shellbags.ps1 ├── Eradicate │ ├── Eradicate-Paths.ps1 │ ├── Eradicate-Processes.ps1 │ ├── Eradicate-RegistryKeys.ps1 │ ├── Eradicate-RegistryProperties.ps1 │ ├── Eradicate-ScheduledTasks.ps1 │ └── Eradicate-Services.ps1 ├── Execution │ ├── Collect-PrefetchListing.ps1 │ ├── Collect-ProcessDLLs.ps1 │ ├── Collect-Processes.ps1 │ ├── Collect-RecentItemsListing.ps1 │ ├── Collect-UserAssist.ps1 │ ├── Retrieve-Amcache.ps1 │ ├── Retrieve-Handles.ps1 │ ├── Retrieve-Jumplists.ps1 │ ├── Retrieve-Prefetch.ps1 │ ├── Retrieve-RecentItems.ps1 │ ├── Retrieve-ShimCache.ps1 │ ├── Retrieve-SigCheck.ps1 │ └── Retrieve-WindowsSearchData.ps1 ├── Hunt │ ├── Hunt-MaliciousDNSCache.ps1 │ ├── Hunt-MaliciousLocalUsers.ps1 │ ├── Hunt-MaliciousNetworkConnections.ps1 │ ├── Hunt-MaliciousPrefetchListing.ps1 │ ├── Hunt-MaliciousProcessDLLs.ps1 │ ├── Hunt-MaliciousProcesses.ps1 │ ├── Hunt-MaliciousRunKeys.ps1 │ ├── Hunt-MaliciousScheduledTaskInfo.ps1 │ ├── Hunt-MaliciousServices.ps1 │ ├── Hunt-MaliciousUserAssist.ps1 │ └── Hunt-MaliciousWMIBindings.ps1 ├── Import-Items.ps1 ├── Logs │ ├── Collect-WindowsEvents-Application.ps1 │ ├── Collect-WindowsEvents-Firewall.ps1 │ ├── Collect-WindowsEvents-PowerShell.ps1 │ ├── Collect-WindowsEvents-RDP.ps1 │ ├── Collect-WindowsEvents-SchedTasks.ps1 │ ├── Collect-WindowsEvents-Security.ps1 │ ├── Collect-WindowsEvents-System.ps1 │ ├── Collect-WindowsEvents-WMI.ps1 │ ├── Collect-WindowsEvents.ps1 │ ├── Collect-WindowsEventsDetailed.ps1 │ ├── Retrieve-EventLogFiles.ps1 │ ├── Retrieve-PSReadLine.ps1 │ └── Retrieve-SRUMDB.ps1 ├── Memory │ └── Retrieve-MemoryWinpmem.ps1 ├── Network │ ├── Collect-ArpCache.ps1 │ ├── Collect-DNSCache.ps1 │ ├── Collect-InterfaceDetails.ps1 │ ├── Collect-NetworkConnections.ps1 │ ├── Collect-NetworkProfiles.ps1 │ ├── Collect-NetworkRoutes.ps1 │ ├── Collect-SessionDrives.ps1 │ ├── Retrieve-BrowsingHistory.ps1 │ └── Retrieve-HostsFile.ps1 ├── Persistence │ ├── Collect-BITSJobs.ps1 │ ├── Collect-RegKeyPersistence.ps1 │ ├── Collect-ScheduledTaskDetails.ps1 │ ├── Collect-ScheduledTaskInfo.ps1 │ ├── Collect-Services.ps1 │ ├── Collect-StartupDirList.ps1 │ ├── Collect-StartupList.ps1 │ ├── Collect-WMIBindings.ps1 │ ├── Collect-WMIConsumers.ps1 │ ├── Collect-WMIFilters.ps1 │ ├── Retrieve-AutoRuns.ps1 │ ├── Retrieve-ChromeExtensions.ps1 │ ├── Retrieve-ScheduledTasks.ps1 │ └── Retrieve-Startup.ps1 ├── Scope │ ├── Scope-FileHashes.ps1 │ ├── Scope-Files.ps1 │ ├── Scope-IPAddresses.ps1 │ ├── Scope-LocalUsers.ps1 │ ├── Scope-Paths.ps1 │ ├── Scope-Processes.ps1 │ ├── Scope-RegistryKeys.ps1 │ ├── Scope-RegistryProperties.ps1 │ └── Scope-Services.ps1 └── Triage │ ├── Triage-Execution.ps1 │ ├── Triage-Network.ps1 │ ├── Triage-Persistence.ps1 │ └── Triage-WindowsArtifacts.ps1 ├── Power-Response.ps1 ├── README.md └── Setup.ps1 /.github/ISSUE_TEMPLATE/bug-report.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/.github/ISSUE_TEMPLATE/bug-report.md -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/.github/ISSUE_TEMPLATE/feature-request.md -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/.gitignore -------------------------------------------------------------------------------- /Config.example.psd1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Config.example.psd1 -------------------------------------------------------------------------------- /Extras/Extras.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Extras.md -------------------------------------------------------------------------------- /Extras/PR_Logo.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/PR_Logo.PNG -------------------------------------------------------------------------------- /Extras/Plugin-Template.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Plugin-Template.ps1 -------------------------------------------------------------------------------- /Extras/Power-Response.GIF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Power-Response.GIF -------------------------------------------------------------------------------- /Extras/Power-Response_Eradicate_Template.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Power-Response_Eradicate_Template.csv -------------------------------------------------------------------------------- /Extras/Power-Response_Import-Computers_Template.csv: -------------------------------------------------------------------------------- 1 | ComputerName 2 | -------------------------------------------------------------------------------- /Extras/Power-Response_Path-Import_Template.csv: -------------------------------------------------------------------------------- 1 | path 2 | -------------------------------------------------------------------------------- /Extras/Power-Response_Scoping_Template.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Power-Response_Scoping_Template.csv -------------------------------------------------------------------------------- /Extras/Powering-Up-Incident-Response-with-Power-Response_Security_BsidesMSP.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Extras/Powering-Up-Incident-Response-with-Power-Response_Security_BsidesMSP.pdf -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/LICENSE -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-Amcache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-Amcache.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-EventLogFiles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-EventLogFiles.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-Jumplists.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-Jumplists.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousDNSCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousDNSCache.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousLocalUsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousLocalUsers.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousPrefetchListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousPrefetchListing.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousProcessDLLs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousProcessDLLs.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousProcesses.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousProcesses.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousRunKeys.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousRunKeys.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousScheduledTaskInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousScheduledTaskInfo.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousServices.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousServices.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousUserAssist.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousUserAssist.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-MaliciousWMIBindings.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-MaliciousWMIBindings.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-NTFSArtifacts.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-NTFSArtifacts.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-Prefetch.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-Prefetch.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-RecentItems.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-RecentItems.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-RecycleBin.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-RecycleBin.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-RegistryHives.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-RegistryHives.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-Shellbags.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-Shellbags.ps1 -------------------------------------------------------------------------------- /Plugins/Analysis/Analyze-ShimCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Analysis/Analyze-ShimCache.ps1 -------------------------------------------------------------------------------- /Plugins/Configuration/Collect-LocalUsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Configuration/Collect-LocalUsers.ps1 -------------------------------------------------------------------------------- /Plugins/Configuration/Collect-SystemInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Configuration/Collect-SystemInfo.ps1 -------------------------------------------------------------------------------- /Plugins/Configuration/Collect-UserProfileListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Configuration/Collect-UserProfileListing.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Collect-DownloadsListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Collect-DownloadsListing.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-FLSBody.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-FLSBody.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-Items.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-Items.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-NTFSArtifacts.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-NTFSArtifacts.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-RecycleBin.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-RecycleBin.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-RegistryHives.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-RegistryHives.ps1 -------------------------------------------------------------------------------- /Plugins/Disk/Retrieve-Shellbags.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Disk/Retrieve-Shellbags.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-Paths.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-Paths.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-Processes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-Processes.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-RegistryKeys.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-RegistryKeys.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-RegistryProperties.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-RegistryProperties.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-ScheduledTasks.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-ScheduledTasks.ps1 -------------------------------------------------------------------------------- /Plugins/Eradicate/Eradicate-Services.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Eradicate/Eradicate-Services.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Collect-PrefetchListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Collect-PrefetchListing.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Collect-ProcessDLLs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Collect-ProcessDLLs.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Collect-Processes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Collect-Processes.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Collect-RecentItemsListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Collect-RecentItemsListing.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Collect-UserAssist.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Collect-UserAssist.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-Amcache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-Amcache.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-Handles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-Handles.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-Jumplists.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-Jumplists.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-Prefetch.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-Prefetch.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-RecentItems.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-RecentItems.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-ShimCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-ShimCache.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-SigCheck.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-SigCheck.ps1 -------------------------------------------------------------------------------- /Plugins/Execution/Retrieve-WindowsSearchData.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Execution/Retrieve-WindowsSearchData.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousDNSCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousDNSCache.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousLocalUsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousLocalUsers.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousNetworkConnections.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousNetworkConnections.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousPrefetchListing.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousPrefetchListing.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousProcessDLLs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousProcessDLLs.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousProcesses.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousProcesses.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousRunKeys.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousRunKeys.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousScheduledTaskInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousScheduledTaskInfo.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousServices.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousServices.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousUserAssist.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousUserAssist.ps1 -------------------------------------------------------------------------------- /Plugins/Hunt/Hunt-MaliciousWMIBindings.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Hunt/Hunt-MaliciousWMIBindings.ps1 -------------------------------------------------------------------------------- /Plugins/Import-Items.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Import-Items.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-Application.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-Application.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-Firewall.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-Firewall.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-PowerShell.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-PowerShell.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-RDP.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-RDP.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-SchedTasks.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-SchedTasks.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-Security.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-Security.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-System.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-System.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents-WMI.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents-WMI.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEvents.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEvents.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Collect-WindowsEventsDetailed.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Collect-WindowsEventsDetailed.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Retrieve-EventLogFiles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Retrieve-EventLogFiles.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Retrieve-PSReadLine.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Retrieve-PSReadLine.ps1 -------------------------------------------------------------------------------- /Plugins/Logs/Retrieve-SRUMDB.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Logs/Retrieve-SRUMDB.ps1 -------------------------------------------------------------------------------- /Plugins/Memory/Retrieve-MemoryWinpmem.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Memory/Retrieve-MemoryWinpmem.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-ArpCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-ArpCache.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-DNSCache.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-DNSCache.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-InterfaceDetails.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-InterfaceDetails.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-NetworkConnections.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-NetworkConnections.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-NetworkProfiles.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-NetworkProfiles.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-NetworkRoutes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-NetworkRoutes.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Collect-SessionDrives.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Collect-SessionDrives.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Retrieve-BrowsingHistory.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Retrieve-BrowsingHistory.ps1 -------------------------------------------------------------------------------- /Plugins/Network/Retrieve-HostsFile.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Network/Retrieve-HostsFile.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-BITSJobs.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-BITSJobs.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-RegKeyPersistence.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-RegKeyPersistence.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-ScheduledTaskDetails.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-ScheduledTaskDetails.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-ScheduledTaskInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-ScheduledTaskInfo.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-Services.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-Services.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-StartupDirList.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-StartupDirList.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-StartupList.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-StartupList.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-WMIBindings.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-WMIBindings.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-WMIConsumers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-WMIConsumers.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Collect-WMIFilters.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Collect-WMIFilters.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Retrieve-AutoRuns.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Retrieve-AutoRuns.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Retrieve-ChromeExtensions.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Retrieve-ChromeExtensions.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Retrieve-ScheduledTasks.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Retrieve-ScheduledTasks.ps1 -------------------------------------------------------------------------------- /Plugins/Persistence/Retrieve-Startup.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Persistence/Retrieve-Startup.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-FileHashes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-FileHashes.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-Files.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-Files.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-IPAddresses.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-IPAddresses.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-LocalUsers.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-LocalUsers.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-Paths.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-Paths.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-Processes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-Processes.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-RegistryKeys.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-RegistryKeys.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-RegistryProperties.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-RegistryProperties.ps1 -------------------------------------------------------------------------------- /Plugins/Scope/Scope-Services.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Scope/Scope-Services.ps1 -------------------------------------------------------------------------------- /Plugins/Triage/Triage-Execution.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Triage/Triage-Execution.ps1 -------------------------------------------------------------------------------- /Plugins/Triage/Triage-Network.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Triage/Triage-Network.ps1 -------------------------------------------------------------------------------- /Plugins/Triage/Triage-Persistence.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Triage/Triage-Persistence.ps1 -------------------------------------------------------------------------------- /Plugins/Triage/Triage-WindowsArtifacts.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Plugins/Triage/Triage-WindowsArtifacts.ps1 -------------------------------------------------------------------------------- /Power-Response.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Power-Response.ps1 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/README.md -------------------------------------------------------------------------------- /Setup.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Asymmetric-InfoSec/Power-Response/HEAD/Setup.ps1 --------------------------------------------------------------------------------