investigators-toolkit

Tools for threat hunting & cyber incident response

---

Project maintained by ndr-repo Hosted on GitHub Pages — Theme by mattgraham

investigators-toolkit

Tools for threat hunting & cyber incident response

scheduledExecHunter

Automated threat hunting for executable files in scheduled tasks

• Discovers Scheduled Tasks with file execution instructions
• Displays location of executable file
• Creates SHA256 file checksum hash
• Searches each hash on Open Threat Exchange
• Displays results of each hash searched on OTX

netListenHunter

Automated threat hunting for TCP listener files

• Discovers running files listening on TCP ports
• Displays location of file
• Creates SHA256 file checksum hash
• Searches each hash on Open Threat Exchange
• Displays results of each hash searched on OTX

evtxFind

EVTX file discovery in System32

• Discovers event log files for external processing (ie: DeepBlueCLI )
• Orders event log files by size & last write time