AutoRuns is a module that will help do live incident response and enumerate autoruns artifacts that may be used by legitimate programs as well as malware to achieve persistence

A module to facilitate the testing of attack techniques and their corresponding procedures.

A PowerShell module that runs Atomic Red Team tests from yaml definition files.

NetCease is a module that will help disable Net Session Enumeration

CimSweep is a suite of CIM/WMI-based tools that enable the ability to perform incident response and hunting operations remotely across all versions of Windows. CIM/WMI obviates the need for the installation of a host-based agent. The WMI service is running by default on all versions of Windows.

This is an open source, community project that provides a powerful command-line interface for managing and monitoring your Armor Complete (secure public cloud) and Armor Anywhere (security as a service) environments and accounts via a PowerShell module with cmdlets that interact with the published RESTful APIs. Every code push is built using psa... More info

AdobeGPOTemplates is a module that will help create group policies (GPO) ADMX templates for Adobe Reader and Acrobat

SCManager is a module that will help disable remote Service Controller enumeration and block the remote use of psexec.exe and sc.exe

ASRRules is a module that will help view and modify Attack Surface Reduction Rules provided by Windows Defender

A PowerShell module to simulate attacks and assess security controls in the cloud. This module defines adversary techniques used by the Cloud Katana project, a cloud native serverless application based on Azure Functions to automate attack simulations

MalwareBazaar is a module that uses its Rest API to gather intel about malware