H. Scoping with Power Response - Asymmetric-InfoSec/Power-Response GitHub Wiki

Power-Response is capable of performing scoping functions within a Windows environment. The Scope category of plugin was created to leverage plugins in a scoping capacity in which a set of known IOC's are used to rapidly scope for compromise in an environment.

Using Power-Response for Scoping

Running Power-Response in a scoping capacity more or less the same process as a normal Power-Response session, with slight exceptions:

1. Leverage the Import-Items (formally Import-Computers) plugin to import your list of computers (there will likely be many)

Note: Power-Response_Import-Computers_Template.csv is located in the Extras directory for ease of formatting and ingestion

2. Leverage the Import-Items plugin to import your list of IOC's for scoping

Note: Power-Response_Scoping_Template.csv is located in the Extras directory for ease of formatting and ingestion

3. Navigate to the Scope plugin that you are interested in running

4. Specify a ScopeName for your scoping session (this is to ensure that output is grouped properly for analysis)

5. Run the plugin

6. Review the output