Using the Responder Sweep Tool

The responder, or sweep sensor functionality, is designed for incident responders or anyone else trying to get the ground truth on a box.

With one click of a button you can get a list of processes and modules, a list of any unsigned binary code, autoruns, services, drivers, network connections, which sockets are listening on which ports and what is active on the network. It will also look for hidden modules or any indicators that are new to your organization.

It is an easy and effective way to start an investigation.

General Links

Website: https://limacharlie.io

Documentation: https://doc.limacharlie.io/

Free Education: https://edu.limacharlie.io/

Course Playlists

Basic Detection & Response: https://www.youtube.com/playlist

Advanced Detection & Response: https://www.youtube.com/playlist

Secure Access Service Edge: https://www.youtube.com/playlist

Leveraging Community Resources: https://www.youtube.com/playlist

Setting up An MSSP: https://www.youtube.com/playlist

Using the CLI & SDK: https://www.youtube.com/playlist

Ingesting Log Files & Artifacts: https://www.youtube.com/playlist

Zeek Network Monitoring: https://www.youtube.com/playlist

Incident Response: https://www.youtube.com/playlist

Real-time Windows Event Logs: https://www.youtube.com/playlist

Responding to HAFNIUM: https://www.youtube.com/playlist

The Add-on Marketplace: https://www.youtube.com/playlist

Social Media

Community Slack Channel: https://slack.limacharlie.io/

Twitter: https://twitter.com/limacharlieio

Reddit: https://www.reddit.com/r/limacharlieio/

LinkedIn: https://www.linkedin.com/showcase/limacharlieio/

YouTube: http://youtube.com/limacharlieio

GitHub: https://github.com/refractionPOINT