investigators-toolkit

Tools for threat hunting & cyber incident response

scheduledExecHunter

Automated threat hunting for executable files in scheduled tasks

Discovers Scheduled Tasks with file execution instructions
Displays location of executable file
Creates SHA256 file checksum hash
Searches each hash on Open Threat Exchange
Displays results of each hash searched on OTX

netListenHunter

Automated threat hunting for TCP listener files

Discovers running files listening on TCP ports
Displays location of file
Creates SHA256 file checksum hash
Searches each hash on Open Threat Exchange
Displays results of each hash searched on OTX

evtxFind

EVTX file discovery in System32

Discovers event log files for external processing (ie: DeepBlueCLI )
Orders event log files by size & last write time

Name		Name	Last commit message	Last commit date
Latest commit History 16 Commits
LICENSE		LICENSE
README.md		README.md
_config.yml		_config.yml
evtxFind.ps1		evtxFind.ps1
netListenHunter.ps1		netListenHunter.ps1
scheduledExecHunter.ps1		scheduledExecHunter.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

investigators-toolkit

scheduledExecHunter

netListenHunter

evtxFind

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

ndr-repo/investigators-toolkit

Folders and files

Latest commit

History

Repository files navigation

investigators-toolkit

scheduledExecHunter

netListenHunter

evtxFind

About

Topics

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages