Search Results for "objects detection"

MemProcFS-Analyzer is a forensic analysis toolset that builds on the MemProcFS virtual filesystem to make volatile memory artefacts easier to browse and interpret. By exposing process memory, kernel objects, and derived artifacts as regular files, the framework lets analysts use familiar filesystem operations and standard tools (editors, grep, diff) to explore memory snapshots. The Analyzer layer adds higher-level parsing and extraction routines—for example, carving strings, locating...

DeepBlueCLI is a PowerShell-centric threat-hunting toolkit built to extract, normalize, and flag suspicious activity from Windows event logs and Sysmon telemetry. It parses common sources—including Windows Security, System, Application, PowerShell logs, and Sysmon event ID 1—then applies a rich set of detection heuristics for things like suspicious account changes, password guessing and spraying, service tampering, PowerShell obfuscation and download-string usage, long or unusual command lines, and credential dumping attempts. Output is emitted as native PowerShell objects so analysts can pipe results to CSV, JSON, HTML, GridView, or custom pipelines for further triage and reporting. ...

BadBlood is a PowerShell toolkit that programmatically populates a Microsoft Active Directory domain with a realistic, large-scale structure of OUs, users, groups, computers, and permissions so defenders and testers can practice discovery, hardening, and incident response on a lifelike environment. It intentionally randomizes its output on every run so the created domain, objects, and ACL relationships are different each time, which helps teams exercise tooling and detection logic against varied scenarios. The project is driven by a single entry script (Invoke-BadBlood.ps1) and a collection of modular components that create OUs, seed users and groups, set ACLs, configure LAPS scenarios, and generate other attack/defense artifacts for lab use. ...