H. Scoping with Power Response - Asymmetric-InfoSec/Power-Response GitHub Wiki
Power-Response is capable of performing scoping functions within a Windows environment. The Scope category of plugins was created to use plugins in a scoping capacity, in which a set of known IOCs is used to rapidly scope for compromise in an environment.
Using Power-Response for Scoping
Running Power-Response in a scoping capacity is more or less the same process as a normal Power-Response session, with slight exceptions:
- Leverage the `Import-Items` (formerly `Import-Computers`) plugin to import your list of computers (there will likely be many)
  Note: `Power-Response_Import-Computers_Template.csv` is located in the `Extras` directory for ease of formatting and ingestion
- Leverage the `Import-Items` plugin to import your list of IOCs for scoping
  Note: `Power-Response_Scoping_Template.csv` is located in the `Extras` directory for ease of formatting and ingestion
- Navigate to the `Scope` plugin that you are interested in running
- Specify a `ScopeName` for your scoping session (this is to ensure that output is grouped properly for analysis)
- Run the plugin
- Review the output