PSGumshoe

2.0.13

PowerShell module for data collection, incident response, hunting, and security analysis

Installation Options

To install this package with PowerShellGet, run:

Install-Module -Name PSGumshoe

To install this package with Microsoft.PowerShell.PSResourceGet, run:

Install-PSResource -Name PSGumshoe

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Package Details

Author(s)

  • Carlos Perez (carlos_perez@darkoperator.com)

Functions

Active Directory (Get-DS*)
Get-DSForest, Get-DSDirectoryEntry, Get-DSDirectorySearcher, Get-DSComputer, Get-DSDomain, Get-DSGpo, Get-DSUser, Get-DSGroup, Get-DSReplicationAttribute, Get-DSGroupMember, Get-DSOU, Get-DSTrust, Get-DSObjectAcl

PowerShell engine events (Get-EventPs*)
Get-EventPsEngineState, Get-EventPsScriptCommandExec, Get-EventPsPipeline, Get-EventPsIPC, Get-EventPsScriptBlock

Sysmon events and rules (Get-Sysmon*)
Get-SysmonProcessAccess, Get-SysmonConfigChange, Get-SysmonConnectNamedPipe, Get-SysmonCreateNamedPipe, Get-SysmonCreateRemoteThreadEvent, Get-SysmonDriverLoadEvent, Get-SysmonFileCreateEvent, Get-SysmonFileStreamHash, Get-SysmonFileTime, Get-SysmonFileDeleteEvent, Get-SysmonFileDeleteDetectedEvent, Get-SysmonImageLoadEvent, Get-SysmonNetworkConnect, Get-SysmonProcessCreateEvent, Get-SysmonProcessTampering, Get-SysmonProcessTerminateEvent, Get-SysmonRawAccessRead, Get-SysmonRegistryKey, Get-SysmonRegistryRename, Get-SysmonRegistrySetValue, Get-SysmonServiceStateChange, Get-SysmonWmiBinding, Get-SysmonWmiConsumer, Get-SysmonWmiFilter, Get-SysmonDNSQuery, Get-SysmonProcessActivityEvent, Get-SysmonClipboardChange, Get-SysmonError, Get-SysmonAccessMask, Get-SysmonRuleHash, Get-SysmonFileBlockExecutable, Get-SysmonFileBlockShredding, Get-SysmonFileExecutableDetected, ConvertTo-SysmonRule

Windows event log queries (Get-Event*)
Get-EventSystemLogon, Get-EventSystemLogonFailure, Get-EventSystemLogoff, Get-EventTerminalLogon, Get-EventTerminalLogoff, Get-EventScheduledTaskStart, Get-EventScheduledTaskProcess, Get-EventScheduledTaskStop, Get-EventScheduledTaskComplete, Get-EventBitsTransferComplete, Get-EventBitsTransferStart, Get-EventKerberosPreAuthFailure, Get-EventKerberosTGTRequest, Get-EventSystemLoginAttempt, Get-EventProcessCreate, Get-EventWmiQueryError, Get-EventWmiProviderStart, Get-EventWmiOperationFailure, Get-EventWmiTemporaryEvent, Get-EventWmiPermanentEvent, Get-EventWmiObjectAccess, Get-EventVHDImageMount

Event log utilities
Get-WinEventBaseXPathFilter, Clear-WinEvent, Export-WinEvent, convertFrom-EventLogRecord, ConvertFrom-EventlogSDDL, Get-FilteredEvent, Export-EventLogToCSV, Split-EventRecordCsv, ConvertTo-SDDL

Live host collection via CIM (Get-Cim*)
Get-CimLogonSession, Get-CimProcessLogonSession, Get-CimProcess, Get-CimComputerInfo, Get-CimDNSCache, Get-CimNetLogon

String and similarity analysis
Measure-CharacterFrequency, Measure-DamerauLevenshteinDistance, Measure-VectorSimilarity

Other
Get-NamedPipe, New-NavigatorJson
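As an added usage example (this is not code from the PSGumshoe project or its documentation), the following hunt combines two of the function families listed above: it pulls Sysmon ProcessCreate events with Get-SysmonProcessCreateEvent and uses Measure-DamerauLevenshteinDistance to flag binaries whose file name is one edit away from a well-known system process (svch0st.exe, lsasss.exe, exp1orer.exe and similar masquerading). It assumes that Get-SysmonProcessCreateEvent called with no parameters reads the local Sysmon operational channel and returns objects carrying the Sysmon field names (Image, ParentImage, UtcTime), and that Measure-DamerauLevenshteinDistance accepts the two strings positionally and returns an integer; check both against Get-Help before relying on them. The list of imitated process names is constructed for the example.

```powershell
# Added example, not part of PSGumshoe or its documentation.
# Assumptions (verify against Get-Help before relying on them):
#   - Sysmon is installed locally and logging ProcessCreate (Event ID 1);
#   - Get-SysmonProcessCreateEvent, called with no parameters, reads the local
#     Sysmon operational channel and returns one object per event whose
#     properties carry the Sysmon field names (Image, ParentImage, UtcTime);
#   - Measure-DamerauLevenshteinDistance takes the two strings to compare as
#     its first two positional parameters and returns an integer.
Install-Module -Name PSGumshoe -Scope CurrentUser
Import-Module -Name PSGumshoe

# Process names an attacker commonly imitates (constructed list for this example).
$lookalikeTargets = 'svchost.exe', 'lsass.exe', 'csrss.exe', 'explorer.exe', 'winlogon.exe'

# Masquerading hunt: flag any process whose file name is exactly one edit
# (typo, digit-for-letter swap, transposition) away from a well-known system
# binary. Distance 0 is the legitimate binary itself; a threshold of 1 keeps
# out noise such as smss.exe vs csrss.exe (distance 2).
Get-SysmonProcessCreateEvent |
  ForEach-Object {
    $evt  = $_
    $name = (Split-Path -Leaf $evt.Image).ToLowerInvariant()
    foreach ($target in $lookalikeTargets) {
      $d = Measure-DamerauLevenshteinDistance $name $target
      if ($d -eq 1) {
        [pscustomobject]@{
          UtcTime   = $evt.UtcTime
          Image     = $evt.Image
          LooksLike = $target
          Parent    = $evt.ParentImage
        }
      }
    }
  } |
  Sort-Object UtcTime |
  Format-Table -AutoSize
```

Raise the threshold to 2 only after adding an allowlist of the exact legitimate names that collide at that distance; otherwise the hunt produces a hit for every smss.exe launch.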

Dependencies

This module has no dependencies.

Version History

Version                   Downloads   Last updated
2.0.13 (current version)  306         12/1/2024
2.0.11                    1,335       7/14/2023
2.0.10                    81          5/18/2023
2.0.9                     74          4/7/2023
2.0.8                     12          4/6/2023
2.0.7                     79          2/6/2023
2.0.6                     7           2/1/2023
2.0.5                     6           2/1/2023
2.0.4                     38          10/8/2022
2.0.3                     23          9/12/2022
2.0.2                     128         3/29/2022
2.0.1                     18          3/27/2022
2.0.0                     18          3/26/2022
1.7.3                     312         4/22/2021
1.7.2                     16          4/21/2021
1.7.1                     81          3/13/2021
1.7                       14          3/13/2021
1.6                       77          1/13/2021
1.5                       88          6/3/2020
1.3                       15          6/2/2020