-
Notifications
You must be signed in to change notification settings - Fork 10
Home
Scott Sutherland edited this page Mar 21, 2022
·
16 revisions
Invoke-HuntPersistPR is a modular hunting framework written in PowerShell designed to:
- Identify signs of compromise based on artifacts left behind by common MITRE ATT&CK techniques. It is not designed for identifying known bad files/domains/IPs associated with specific APTs/malware. However, it would be easy to write modules for that. ;)
- Discover accessible systems associated with a Active Directory domain automatically.
- Collect data source information from systems using PowerShell Remoting and easy to build collection modules.
- Analyze collected data using easy to build analysis modules based on behavior.
- Report summary data and initial insights that can help analysts get started on simple threat hunting exercises that focus on common persistence and related techniques.
This is not a novel approach to hunting, but I thought the project was worth sharing for those who want to play with it. User and developer guides can be found on the wiki here.
Author
Scott Sutherland (@_nullbind)
License
BSD 3-Clause