Using the Responder Sweep Tool
The responder, or sweep sensor functionality, is designed for incident responders or anyone else trying to get the ground truth on a box.
With one click of a button you can get a list of processes and modules, a list of any unsigned binary code, autoruns, services, drivers, network connections, which sockets are listening on which ports, and what is active on the network. It will also look for hidden modules or any indicators that are new to your organization.
It is an easy and effective way to start an investigation.
General Links
Website: https://limacharlie.io
Documentation: https://doc.limacharlie.io/
Free Education: https://edu.limacharlie.io/
Course Playlists
Basic Detection & Response: https://www.youtube.com/playlist
Advanced Detection & Response: https://www.youtube.com/playlist
Secure Access Service Edge: https://www.youtube.com/playlist
Leveraging Community Resources: https://www.youtube.com/playlist
Setting up An MSSP: https://www.youtube.com/playlist
Using the CLI & SDK: https://www.youtube.com/playlist
Ingesting Log Files & Artifacts: https://www.youtube.com/playlist
Zeek Network Monitoring: https://www.youtube.com/playlist
Incident Response: https://www.youtube.com/playlist
Real-time Windows Event Logs: https://www.youtube.com/playlist
Responding to HAFNIUM: https://www.youtube.com/playlist
The Add-on Marketplace: https://www.youtube.com/playlist