PSGumshoe
2.0.13
PowerShell module for data collection, incident response, hunting, and security analysis
Package Details
Author(s)
- Carlos Perez (carlos_perez@darkoperator.com)
Functions
Grouped by the module's own source folders (see FileList below):

- Volatile: Get-NamedPipe
- Analysis: Measure-CharacterFrequency, Measure-DamerauLevenshteinDistance, Measure-VectorSimilarity, ConvertTo-SDDL
- DirectoryService: Get-DSForest, Get-DSDirectoryEntry, Get-DSDirectorySearcher, Get-DSComputer, Get-DSDomain, Get-DSGpo, Get-DSUser, Get-DSGroup, Get-DSReplicationAttribute, Get-DSGroupMember, Get-DSOU, Get-DSTrust, Get-DSObjectAcl
- EventLog (PowerShell engine events): Get-EventPsEngineState, Get-EventPsScriptCommandExec, Get-EventPsPipeline, Get-EventPsIPC, Get-EventPsScriptBlock
- EventLog (Sysmon events): Get-SysmonProcessAccess, Get-SysmonConfigChange, Get-SysmonConnectNamedPipe, Get-SysmonCreateNamedPipe, Get-SysmonCreateRemoteThreadEvent, Get-SysmonDriverLoadEvent, Get-SysmonFileCreateEvent, Get-SysmonFileStreamHash, Get-SysmonFileTime, Get-SysmonFileDeleteEvent, Get-SysmonFileDeleteDetectedEvent, Get-SysmonImageLoadEvent, Get-SysmonNetworkConnect, Get-SysmonProcessCreateEvent, Get-SysmonProcessTampering, Get-SysmonProcessTerminateEvent, Get-SysmonRawAccessRead, Get-SysmonRegistryKey, Get-SysmonRegistryRename, Get-SysmonRegistrySetValue, Get-SysmonServiceStateChange, Get-SysmonWmiBinding, Get-SysmonWmiConsumer, Get-SysmonWmiFilter, Get-SysmonDNSQuery, Get-SysmonProcessActivityEvent, Get-SysmonClipboardChange, Get-SysmonError, Get-SysmonAccessMask, Get-SysmonRuleHash, Get-SysmonFileBlockExecutable, Get-SysmonFileBlockShredding, Get-SysmonFileExecutableDetected, ConvertTo-SysmonRule
- EventLog (Security, System, Scheduled Task, BITS, Kerberos, WMI and VHD events): Get-EventSystemLogon, Get-EventSystemLogonFailure, Get-EventSystemLogoff, Get-EventTerminalLogon, Get-EventTerminalLogoff, Get-EventScheduledTaskStart, Get-EventScheduledTaskProcess, Get-EventScheduledTaskStop, Get-EventScheduledTaskComplete, Get-EventBitsTransferComplete, Get-EventBitsTransferStart, Get-EventKerberosPreAuthFailure, Get-EventKerberosTGTRequest, Get-EventSystemLoginAttempt, Get-EventProcessCreate, Get-EventWmiQueryError, Get-EventWmiProviderStart, Get-EventWmiOperationFailure, Get-EventWmiTemporaryEvent, Get-EventWmiPermanentEvent, Get-EventWmiObjectAccess, Get-EventVHDImageMount
- EventLog (generic filtering, conversion and export): Get-WinEventBaseXPathFilter, Clear-WinEvent, Export-WinEvent, ConvertFrom-EventLogRecord, ConvertFrom-EventLogSDDL, Get-FilteredEvent, Export-EventLogToCSV, Split-EventRecordCsv
- CIM: Get-CimLogonSession, Get-CimProcessLogonSession, Get-CimProcess, Get-CimComputerInfo, Get-CimDNSCache, Get-CimNetLogon
- mitre: New-NavigatorJson
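A short triage session with the module, as an added example that is not part of this package page or of the project's own documentation. It assumes, without confirmation from this page, that Get-SysmonProcessCreateEvent and Get-EventSystemLogon accept a -StartTime parameter and return objects whose properties are the event's EventData fields (ParentImage, Image, CommandLine, User, UtcTime, LogonType, TargetUserName, IpAddress). The last step uses only the built-in Get-WinEvent cmdlet and a raw XPath filter, so it does not depend on those assumptions and works on a host where the module cannot be installed.

```powershell
# Added example (editor-supplied, not PSGumshoe code).
# Run in an elevated session on a host that has Sysmon writing Event ID 1.

# Pin the version shown on this page; never install whatever is "latest" on a production host.
Install-Module -Name PSGumshoe -RequiredVersion 2.0.13 -Scope CurrentUser
Import-Module PSGumshoe

$since = (Get-Date).AddHours(-24)
# Office and mail clients spawning child processes is a common initial-access pattern.
$officeParents = '\\(winword|excel|powerpnt|outlook)\.exe$'

# 1. Sysmon process creation (Event ID 1) in the window, filtered on the parent image.
#    ASSUMPTION: -StartTime exists and output exposes EventData fields as properties.
$childrenOfOffice = Get-SysmonProcessCreateEvent -StartTime $since |
    Where-Object { $_.ParentImage -match $officeParents } |
    Select-Object UtcTime, ParentImage, Image, CommandLine, User
$childrenOfOffice | Format-Table -AutoSize

# 2. Pivot: which accounts reached this box over the network (logon type 3) in the same window?
#    ASSUMPTION: -StartTime exists and LogonType/TargetUserName/IpAddress are properties.
Get-EventSystemLogon -StartTime $since |
    Where-Object { $_.LogonType -eq 3 } |
    Group-Object TargetUserName, IpAddress |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 3. The same Sysmon hunt with only built-in cmdlets. timediff() is in milliseconds,
#    so 86400000 ms is the last 24 hours. EventData is flattened into a PSCustomObject
#    so the filter below can use field names instead of positional Properties[n].
$xpath = '*[System[(EventID=1) and TimeCreated[timediff(@SystemTime) <= 86400000]]]'
Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath $xpath -ErrorAction SilentlyContinue |
    ForEach-Object {
        $xml = [xml]$_.ToXml()
        $fields = [ordered]@{ TimeCreated = $_.TimeCreated }
        foreach ($d in $xml.Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        [pscustomobject]$fields
    } |
    Where-Object { $_.ParentImage -match $officeParents } |
    Select-Object TimeCreated, ParentImage, Image, CommandLine, User |
    Format-Table -AutoSize
```

Before importing a Gallery module on a host you are investigating, compare the downloaded files against the FileList on this page and read the script files: the module runs with the privileges of your elevated session. If an assumed parameter name above does not exist in the installed version, `Get-Help Get-SysmonProcessCreateEvent -Full` lists the real ones.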
Dependencies
This module has no dependencies.
FileList
- PSGumshoe.nuspec
- LICENSE
- README.md
- Analysis\Measure-DamerauLevenshteinDistance.ps1
- CIM\Get-CimLogonSession.ps1
- CIM\Get-CimService.ps1
- DirectoryService\Get-DSDirectorySearcher.ps1
- DirectoryService\Get-DSGpo.ps1
- DirectoryService\Get-DSOU.ps1
- DirectoryService\PrivateFunctions.ps1
- EventLog\ConvertFrom-EventLogRecord.ps1
- EventLog\Export-EventLogToCSV.ps1
- EventLog\Get-EventKerberosPreAuthFailure.ps1
- EventLog\Get-EventPsIPC.ps1
- EventLog\Get-EventScheduledTaskComplete.ps1
- EventLog\Get-EventSystemLoginAttempt.ps1
- EventLog\Get-EventTerminalLogoff.ps1
- EventLog\Get-EventWmiOperationFailure.ps1
- EventLog\Get-FilteredEvent.ps1
- EventLog\Get-SysmonConnectNamedPipe.ps1
- EventLog\Get-SysmonDriverLoadEvent.ps1
- EventLog\Get-SysmonFileCreateEvent.ps1
- EventLog\Get-SysmonFileExecutableDetected.ps1
- EventLog\Get-SysmonImageLoadEvent.ps1
- EventLog\Get-SysmonProcessActivityEvent.ps1
- EventLog\Get-SysmonProcessTerminateEvent.ps1
- EventLog\Get-SysmonRegistryRename.ps1
- EventLog\Get-SysmonServiceStateChange.ps1
- EventLog\Get-SysmonWmiFilter.ps1
- EventLog\Search-EventLogEventXML.ps1
- EventLog\Split-EventRecordCsv.ps1
- tests\Measure-CharacterFrequency.tests.ps1
- Volatile\Get-LogonSession.ps1
- .vscode\launch.json
- Analysis\Measure-VectorSimilarity.ps1
- CIM\Get-CimNetLogon.ps1
- DirectoryService\Get-DSComputer.ps1
- DirectoryService\Get-DSDomain.ps1
- DirectoryService\Get-DSGroup.ps1
- DirectoryService\Get-DSReplicationAttribute.ps1
- Event\Get-EventDNSClientDomains.ps1
- EventLog\ConvertFrom-EventLogSDDL.ps1
- EventLog\Export-WinEvent.ps1
- EventLog\Get-EventKerberosTGTRequest.ps1
- EventLog\Get-EventPsPipeline.ps1
- EventLog\Get-EventScheduledTaskProcess.ps1
- EventLog\Get-EventSystemLogoff.ps1
- EventLog\Get-EventTerminalLogon.ps1
- EventLog\Get-EventWmiPermanentEvent.ps1
- EventLog\Get-SysmonAccessMask.ps1
- EventLog\Get-SysmonCreateNamedPipe.ps1
- EventLog\Get-SysmonError.ps1
- EventLog\Get-SysmonFileDeleteDetectedEvent.ps1
- EventLog\Get-SysmonFileStreamHash.ps1
- EventLog\Get-SysmonNetworkConnect.ps1
- EventLog\Get-SysmonProcessCreateEvent.ps1
- EventLog\Get-SysmonRawAccessRead.ps1
- EventLog\Get-SysmonRegistrySetValue.ps1
- EventLog\Get-SysmonWmiBinding.ps1
- EventLog\Get-WinEventBaseXPathFilter.ps1
- EventLog\Search-EventLogUserData.ps1
- mitre\New-NavigatorJson.ps1
- tests\Measure-VectorSimilarity.tests.ps1
- Volatile\Get-NamedPipe.ps1
- PSGumshoe.psd1
- Analysis\ConvertTo-SDDL.ps1
- CIM\Get-CimComputerInfo.ps1
- CIM\Get-CimProcess.ps1
- DirectoryService\Get-DSDirectoryEntry.ps1
- DirectoryService\Get-DSForest.ps1
- DirectoryService\Get-DSGroupMember.ps1
- DirectoryService\Get-DSTrust.ps1
- EventLog\Clear-WinEvent.ps1
- EventLog\ConvertFrom-SysmonEventLogRecord.ps1
- EventLog\Get-EventBitsTransferComplete.ps1
- EventLog\Get-EventProcessCreate.ps1
- EventLog\Get-EventPsScriptBlock.ps1
- EventLog\Get-EventScheduledTaskStart.ps1
- EventLog\Get-EventSystemLogon.ps1
- EventLog\Get-EventVHDImageMount.ps1
- EventLog\Get-EventWmiProviderStart.ps1
- EventLog\Get-SysmonClipboardChange.ps1
- EventLog\Get-SysmonCreateRemoteThreadEvent.ps1
- EventLog\Get-SysmonFileBlockExecutable.ps1
- EventLog\Get-SysmonFileDeleteEvent.ps1
- EventLog\Get-SysmonFileTime.ps1
- EventLog\Get-SysmonProcessAccess.ps1
- EventLog\Get-SysmonProcessTampering.ps1
- EventLog\Get-SysmonRegistryKey.ps1
- EventLog\Get-SysmonRuleHash.ps1
- EventLog\Get-SysmonWmiConsumer.ps1
- EventLog\Search-EventLogEventData.ps1
- EventLog\Search-SysmonEvent.ps1
- tests\Get-NamedPipe.tests.ps1
- Volatile\Get-InjectedThread.ps1
- Volatile\Stop-Thread.ps1
- PSGumshoe.psm1
- Analysis\Measure-CharacterFrequency.ps1
- CIM\Get-CimDNSCache.ps1
- CIM\Get-CimProcessLogonSession.ps1
- DirectoryService\Get-DSDirectoryEntry.Tests.ps1
- DirectoryService\Get-DSForest.Tests.ps1
- DirectoryService\Get-DSObjectAcl.ps1
- DirectoryService\Get-DSUser.ps1
- EventLog\ConvertFrom-EventEventXMLRecord.ps1
- EventLog\ConvertTo-SysmonRule.ps1
- EventLog\Get-EventBitsTransferStart.ps1
- EventLog\Get-EventPsEngineState.ps1
- EventLog\Get-EventPsScriptCommandExec.ps1
- EventLog\Get-EventScheduledTaskStop.ps1
- EventLog\Get-EventSystemLogonFailure.ps1
- EventLog\Get-EventWmiObjectAccess.ps1
- EventLog\Get-EventWmiTemporaryEvent.ps1
- EventLog\Get-SysmonConfigChange.ps1
- EventLog\Get-SysmonDNSQuery.ps1
- EventLog\Get-SysmonFileBlockShredding.ps1
Version History
Version | Downloads | Last updated |
---|---|---|
2.0.13 (current version) | 306 | 12/1/2024 |
2.0.11 | 1,335 | 7/14/2023 |
2.0.10 | 81 | 5/18/2023 |
2.0.9 | 74 | 4/7/2023 |
2.0.8 | 12 | 4/6/2023 |
2.0.7 | 79 | 2/6/2023 |
2.0.6 | 7 | 2/1/2023 |
2.0.5 | 6 | 2/1/2023 |
2.0.4 | 38 | 10/8/2022 |
2.0.3 | 23 | 9/12/2022 |
2.0.2 | 128 | 3/29/2022 |
2.0.1 | 18 | 3/27/2022 |
2.0.0 | 18 | 3/26/2022 |
1.7.3 | 312 | 4/22/2021 |
1.7.2 | 16 | 4/21/2021 |
1.7.1 | 81 | 3/13/2021 |
1.7 | 14 | 3/13/2021 |
1.6 | 77 | 1/13/2021 |
1.5 | 88 | 6/3/2020 |
1.3 | 15 | 6/2/2020 |