Active 2024-12-01

PowerShell-Hunter

PowerShell tools to help defenders hunt smarter, hunt harder. A collection of scripts, queries, and techniques for threat hunting using PowerShell.

Tags: powershell, hunting, defense, triage, forensics, detection
Quickstart
Get started instantly
git clone https://github.com/MHaggis/PowerShell-Hunter.git && cd PowerShell-Hunter && Import-Module .\PSHunter.psm1

The Problem

Defenders need to hunt for threats across Windows environments quickly, but existing tools are either too complex, too slow, or poorly integrated with existing workflows. There is a gap between having threat intelligence and being able to operationalize it quickly.

The Solution

PowerShell-Hunter provides a collection of ready-to-use PowerShell scripts and modules that enable rapid threat hunting. The tools are designed to be modular, easy to customize, and to work seamlessly with Windows environments. Each module targets a specific hunting use case, and modules can be combined for comprehensive coverage.

Impact

Used by defenders worldwide to reduce time to detection. The modular design means teams can adopt specific tools without overhauling their existing processes. Community contributions continue to expand coverage for emerging threats.

Overview

PowerShell-Hunter is designed for security practitioners who need to quickly operationalize threat intelligence and hunt for indicators across their Windows environment.

Key Features

  • Modular Design: Each script is standalone and can be used independently
  • Customizable: Easy to modify for your specific environment
  • Well-Documented: Clear comments and examples throughout
  • Active Development: Regularly updated with new detection capabilities

Example Usage

# Import the module
Import-Module .\PSHunter.psm1

# Hunt for suspicious processes
Get-SuspiciousProcess -Verbose

# Search for LOLBins usage
Find-LOLBinUsage -Path C:\Windows\System32

# Analyze scheduled tasks
Get-SuspiciousScheduledTasks

Integration

PowerShell-Hunter works great alongside:

  • Sysmon for enhanced logging
  • Windows Event Logs for historical analysis
  • SIEM platforms for centralized hunting
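As an added example (not code from the PowerShell-Hunter repository), the following shows what the Sysmon and Windows Event Log integration listed above looks like in practice, in the same hunt-function style as the Example Usage section: a small hunt over Sysmon Event ID 1 (process creation) records for an Office application launching a script interpreter. The function names, the helper that flattens live Sysmon records, and the sample events are all constructed for this illustration and are assumptions, not part of the project.

```powershell
# Added example, not part of PowerShell-Hunter. Hunts Sysmon Event ID 1 (process creation)
# records for an Office application spawning a script interpreter, a common early-stage
# sign of a malicious document. Sample events below are constructed so this runs offline.

function Find-OfficeSpawnedInterpreter {
    [CmdletBinding()]
    param(
        # Objects with Image, ParentImage, CommandLine, TimeCreated and Computer properties
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject[]]$Event
    )
    begin {
        $officeParents = @('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')
        $interpreters  = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
    }
    process {
        foreach ($e in $Event) {
            # Compare on the executable name only; install paths vary between hosts
            $parent = [System.IO.Path]::GetFileName($e.ParentImage).ToLowerInvariant()
            $child  = [System.IO.Path]::GetFileName($e.Image).ToLowerInvariant()
            if ($officeParents -contains $parent -and $interpreters -contains $child) {
                [pscustomobject]@{
                    TimeCreated = $e.TimeCreated
                    Computer    = $e.Computer
                    ParentImage = $e.ParentImage
                    Image       = $e.Image
                    CommandLine = $e.CommandLine
                    Rule        = 'OfficeSpawnedInterpreter'
                }
            }
        }
    }
}

# Flattens a live Sysmon Event ID 1 record (EventData/Data elements keyed by Name)
# into the shape Find-OfficeSpawnedInterpreter expects. Hypothetical helper name.
function ConvertFrom-SysmonProcessCreate {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Eventing.Reader.EventRecord]$Record
    )
    process {
        $xml  = [xml]$Record.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        [pscustomobject]@{
            TimeCreated = $Record.TimeCreated
            Computer    = $Record.MachineName
            Image       = $data['Image']
            ParentImage = $data['ParentImage']
            CommandLine = $data['CommandLine']
        }
    }
}

# Constructed sample events (not real telemetry): one hit, two benign process trees.
$sampleEvents = @(
    [pscustomobject]@{ TimeCreated = '2024-12-01 09:00:00'; Computer = 'WS01'
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe -NoProfile -File C:\Users\alice\Documents\invoice.ps1' }
    [pscustomobject]@{ TimeCreated = '2024-12-01 09:01:00'; Computer = 'WS01'
        ParentImage = 'C:\Windows\explorer.exe'
        Image       = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
        CommandLine = 'powershell.exe' }
    [pscustomobject]@{ TimeCreated = '2024-12-01 09:02:00'; Computer = 'WS02'
        ParentImage = 'C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE'
        Image       = 'C:\Windows\splwow64.exe'
        CommandLine = 'C:\Windows\splwow64.exe 12288' }
)

# Offline run over the constructed sample: only the WINWORD.EXE -> powershell.exe event is returned.
$sampleEvents | Find-OfficeSpawnedInterpreter | Format-Table -AutoSize

# On a host with Sysmon installed, feed live records instead (requires an elevated session):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } -MaxEvents 5000 |
#     ConvertFrom-SysmonProcessCreate | Find-OfficeSpawnedInterpreter
```

The hunt keys on the parent/child relationship rather than on command-line strings, so it holds up against obfuscated arguments; the trade-off is that legitimate add-ins which launch cmd.exe or PowerShell will also surface, so treat the output as a triage list and tune the parent and interpreter sets to your environment.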

Contributing

Contributions are welcome! Check the GitHub repository for contribution guidelines and open issues.

Start hunting smarter with PowerShell-Hunter
