Fernando Tomlinson's repositories
PowerShell
A series of scripts
Invoke-HiveNightmare
PoC for CVE-2021-36934, which lets a standard user retrieve the SAM, Security, and Software registry hives on Windows 10 version 1809 or newer
AutomatedProfiler
Automated forensics written in PowerShell
Invoke-SRUMDump
A pure PowerShell/.NET DFIR capability that dumps the Windows SRUM (System Resource Usage Monitor) database to CSVs for analysis.
Invoke-Fail2Ban
PowerShell version of Fail2Ban
TeamViewer_Forensics
A series of functions to parse TeamViewer logs to answer specific questions
Invoke-AZExplorer
Microsoft Azure Survey
Invoke-GhostLog
Removal of certain event logs within a Windows OS
IIS_Log_Parser
IIS Logs
Invoke-Unbup
Decrypts McAfee quarantine files
EventLog_Parsers
Series of scripts to parse the event log for analysis
Invoke-HAFNIUMCheck.ps1
Script used to identify compromise via CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Invoke-ProcessSuspend
Suspending Processes using PS
CVE-Checker
Collection of scripts to check for CVEs
Invoke-HashFinder
Searches for a supplied list of SHA1 or SHA256 hashes on a system. Requires either the file size or the creation date associated with the binary from which the hashes were retrieved.
Invoke-HiveDreams
A capability to identify and remediate CVE-2021-36934 (HiveNightmare)
PoSh-Bitvise-Log-Parser
Parsing Bitvise logs with PowerShell
FirstAlert
A very simple script to aid in preventing ransomware payloads
Get-TeamsFiles
Downloads all files that you've ever uploaded to Microsoft Teams
HiveNightmare
Exploit allowing you to read registry hives as non-admin on Windows 10 and 11
Invoke-PSSlack
Slack + PowerShell = :)
Invoke-SinkholeDomain
Sinkholes domains
PowerShell-Saturday
This repository is a place to store Speaker content for the Raleigh PowerShell Saturday events.
which-reality
PHP code to determine which reality (Server OS and web app versions) the app is running in (yeah... it's a play on Rick and Morty)