### Collection of Microsoft PowerShell modules that can be used to aid with forensics of domain-based attacks on an infected host.
## CodeExecution
**Execute code on a target machine using Import-Module.**
#### `Get-ShellContent`
Extracts the live input and output of any command-line process, running or dumped, encrypted or plaintext, from a remote computer.
#### `Get-SessionsAnomaly`
Finds evidence of Pass-the-Ticket and Pass-the-Hash attacks on a remote machine.
## License
The IT-Tools project and all individual scripts are under the [BSD 3-Clause license] unless explicitly noted otherwise.
## Usage
To install any of these modules, drop the PowerShell scripts into a directory and type `Import-Module PathTo\scriptName.ps1`.
Then run the module from the PowerShell prompt.
Refer to the comment-based help in each individual script for detailed usage information.