CHAPS — Configuration Hardening Assessment PowerShell Script
CHAPS is a PowerShell script for checking system security settings where additional software and assessment tools, such as Microsoft Policy Analyzer, cannot be installed. The purpose of this script is to run it on a server or workstation to collect configuration information about that system. The information collected can then be used to provide recommendations (and references) to improve the security of the individual system and systemic issues within the organization's Windows environment.
https://github.com/cutaway-security/chaps
#powershell #hardening #assessment #blueteam
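The kind of check CHAPS automates, as an added example that is not CHAPS's own code: a short, self-contained subset of configuration checks that needs only built-in cmdlets and registry reads, returning one pass/fail object per setting. The registry paths and expected values are the documented ones for each setting; the check list itself is an illustrative selection, not CHAPS's full coverage. Run it in an elevated PowerShell session.

```powershell
# Added example (not CHAPS code): a handful of CHAPS-style configuration checks.
# Each entry carries the setting's documented location, the value that passes,
# and a one-line reason, so the output can feed straight into a findings list.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent: report as "not set"
}

function Invoke-QuickHardeningCheck {
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $smb = Get-SmbServerConfiguration   # needs admin rights

    $checks = @(
        @{ Name = 'LSA protection (RunAsPPL)'
           Value = Get-RegValue $lsa 'RunAsPPL'
           Pass  = { param($v) $v -eq 1 -or $v -eq 2 }
           Note  = 'Protects lsass.exe from credential-dumping tools' }
        @{ Name = 'LmCompatibilityLevel'
           Value = Get-RegValue $lsa 'LmCompatibilityLevel'
           Pass  = { param($v) $v -eq 5 }
           Note  = 'Send NTLMv2 only, refuse LM and NTLMv1' }
        @{ Name = 'PowerShell script block logging'
           Value = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging'
           Pass  = { param($v) $v -eq 1 }
           Note  = 'Event ID 4104 in Microsoft-Windows-PowerShell/Operational' }
        @{ Name = 'UAC remote restrictions (LocalAccountTokenFilterPolicy)'
           Value = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'LocalAccountTokenFilterPolicy'
           Pass  = { param($v) $null -eq $v -or $v -eq 0 }
           Note  = 'Value 1 gives local admins a full token over the network (pass-the-hash friendly)' }
        @{ Name = 'SMBv1 server'
           Value = $smb.EnableSMB1Protocol
           Pass  = { param($v) $v -eq $false }
           Note  = 'SMBv1 should be disabled' }
        @{ Name = 'SMB server signing required'
           Value = $smb.RequireSecuritySignature
           Pass  = { param($v) $v -eq $true }
           Note  = 'Mitigates NTLM relay against this host' }
    )

    foreach ($c in $checks) {
        [pscustomobject]@{
            Check  = $c.Name
            Value  = if ($null -eq $c.Value) { '<not set>' } else { $c.Value }
            Result = if (& $c.Pass $c.Value) { 'PASS' } else { 'FAIL' }
            Note   = $c.Note
        }
    }
}

Invoke-QuickHardeningCheck | Format-Table -AutoSize
```

Because every check is data (path, value, predicate, note), extending the list is a matter of adding entries; keeping the output as objects rather than text lets you pipe it to `Export-Csv` when collecting from many hosts.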
OffensiveNim — PowerShell
Using Nim to load the CLR and execute PowerShell without the need for PowerShell.exe, now with printing the output as well!
https://github.com/Alh4zr3d/OffensiveNim/blob/master/src/execute_powershell_bin.nim
#offensive #nim #powershell
PowerRunAsAttached
This script allows you to spawn a new interactive console as another user account inside the calling console (same console instance/window).
Example:
Invoke-RunAsAttached -Username "darkcodersc" -Password "testmepliz"
https://github.com/DarkCoderSc/PowerRunAsAttached
#runas #powershell #pentest #tools
PowerRemoteDesktop
Have you ever dreamed of a Remote Desktop application written entirely in PowerShell (even the GUI)? It is now possible with this first beta release.
https://github.com/DarkCoderSc/PowerRemoteDesktop
#rdp #powershell #tools
EDRChecker
Checks running processes and their metadata, the DLLs loaded into the current process and each DLL's metadata, common install directories, installed services and each service binary's metadata, and installed drivers and each driver's metadata, all for the presence of known defensive products such as AV, EDR and logging tools.
C#
https://github.com/PwnDexter/SharpEDRChecker
PowerShell
https://github.com/PwnDexter/Invoke-EDRChecker
#edr #checker #csharp #powershell #tools
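The same enumeration in a few dozen lines, as an added example that is not SharpEDRChecker or Invoke-EDRChecker code: each source named in the description (processes, loaded DLLs, services, drivers, install directories) is walked and its name, path and PE version strings are matched against a keyword list. The keyword list here is a deliberately short, illustrative subset of vendor and product names; a usable check needs a far longer and maintained list.

```powershell
# Added example (not the EDRChecker projects' code). Keyword list is illustrative only.
$DefensiveKeywords = @(
    'defender', 'msmpeng', 'mssense',       # Microsoft Defender AV / Defender for Endpoint
    'crowdstrike', 'csagent', 'csfalcon',   # CrowdStrike Falcon
    'sentinelone', 'sentinelagent',         # SentinelOne
    'carbonblack', 'cbdefense',             # Carbon Black
    'cylance', 'cyoptics',                  # Cylance
    'elastic', 'endgame',                   # Elastic Endpoint
    'sysmon', 'splunk', 'tanium'            # Telemetry / logging agents
)

function Test-DefensiveName {
    # Returns the first keyword found in any of the supplied strings, else $null
    param([string[]]$Fields)
    $text = (($Fields | Where-Object { $_ }) -join ' ').ToLowerInvariant()
    foreach ($k in $DefensiveKeywords) { if ($text.Contains($k)) { return $k } }
    return $null
}

function Find-DefensiveProducts {
    # Running processes: image name, path and PE version info (company / description)
    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        $hit = Test-DefensiveName @($p.Name, $p.Path, $p.Company, $p.Description)
        if ($hit) { [pscustomobject]@{ Source='Process'; Name=$p.Name; Detail=$p.Path; Keyword=$hit } }
    }
    # DLLs loaded into this process: user-mode EDR hooks show up here
    foreach ($m in (Get-Process -Id $PID).Modules) {
        $vi  = $m.FileVersionInfo
        $hit = Test-DefensiveName @($m.ModuleName, $m.FileName, $vi.CompanyName, $vi.FileDescription)
        if ($hit) { [pscustomobject]@{ Source='LoadedDLL'; Name=$m.ModuleName; Detail=$m.FileName; Keyword=$hit } }
    }
    # Installed services and the binaries they launch
    foreach ($s in Get-CimInstance Win32_Service) {
        $hit = Test-DefensiveName @($s.Name, $s.DisplayName, $s.PathName, $s.Description)
        if ($hit) { [pscustomobject]@{ Source='Service'; Name=$s.Name; Detail=$s.PathName; Keyword=$hit } }
    }
    # Kernel drivers: minifilters, callback registrations, ETW consumers
    foreach ($d in Get-CimInstance Win32_SystemDriver) {
        $hit = Test-DefensiveName @($d.Name, $d.DisplayName, $d.PathName)
        if ($hit) { [pscustomobject]@{ Source='Driver'; Name=$d.Name; Detail=$d.PathName; Keyword=$hit } }
    }
    # Common install roots: a product may be present on disk even if not running
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)) {
        if (-not $root) { continue }
        foreach ($dir in Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue) {
            $hit = Test-DefensiveName @($dir.Name)
            if ($hit) { [pscustomobject]@{ Source='Directory'; Name=$dir.Name; Detail=$dir.FullName; Keyword=$hit } }
        }
    }
}

Find-DefensiveProducts | Sort-Object Source, Name | Format-Table -AutoSize
```

Substring matching on names is noisy in both directions (a renamed agent binary is missed, an unrelated "elastic" folder is flagged), which is why the real tools also inspect version-info metadata and driver lists rather than process names alone. Note that the loaded-DLL pass only sees this process; an EDR that injects per process will be visible there, one that relies purely on kernel callbacks will only appear under drivers and services.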
PowerRunAsSystem
Runs an application as SYSTEM, with support for an interactive SYSTEM process in the active Windows session. The technique relies on no external tools and needs no Windows service: it spawns an NT AUTHORITY\SYSTEM process through the Windows Task Scheduler, then upgrades it to an interactive SYSTEM process in the active session using Win32 APIs.
https://github.com/DarkCoderSc/PowerRunAsSystem
#windows #powershell #runas
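Stage one of the technique described above, as an added example that is not PowerRunAsSystem's code: a process is started as NT AUTHORITY\SYSTEM through the Task Scheduler using only the built-in ScheduledTasks cmdlets, with no service and no third-party binary. It requires local administrator rights; the task name and the output file are arbitrary choices for this demo. The second stage (moving the SYSTEM process into the active user session) is not shown here.

```powershell
# Added example (not PowerRunAsSystem code): spawn a SYSTEM process via the Task Scheduler.
$taskName = 'DemoSystemSpawn'                            # arbitrary demo name
$outFile  = Join-Path $env:windir 'Temp\demo_whoami.txt'  # arbitrary demo path

# The action just records who the child process runs as
$action = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c whoami > `"$outFile`""

# LogonType ServiceAccount together with the SYSTEM account is the documented way
# to have the scheduler run a task as SYSTEM
$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Action $action -Principal $principal `
                       -Settings $settings -Force | Out-Null
Start-ScheduledTask -TaskName $taskName

# Wait (bounded) for the child to write its output, then show it
$deadline = (Get-Date).AddSeconds(15)
while (-not (Test-Path $outFile) -and (Get-Date) -lt $deadline) { Start-Sleep -Milliseconds 200 }
if (Test-Path $outFile) { Get-Content -Path $outFile } else { Write-Warning 'task did not run in time' }

# Clean up: the registered task is the artifact defenders look for
Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
Remove-Item -Path $outFile -ErrorAction SilentlyContinue
```

For the blue team, the registration and run are logged regardless of whether the task is removed afterwards: Security event 4698 (task created) when "Other Object Access Events" auditing is enabled, and events 106 (task registered) and 200 (action started) in Microsoft-Windows-TaskScheduler/Operational. A task whose principal is SYSTEM, created and deleted within seconds, is a useful hunt pattern.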
ntTraceControl — Powershell Event Tracing Toolbox
Want to simulate any ETW event from PowerShell, even events in the Security log?
Want to import evtx files into the live event log?
ntTraceControl is a set of PowerShell commands to forge/generate Windows logs. Simply put, it supports detection teams by simplifying the testing of detection use cases and alerts without complex infrastructure, extra tools, or reproducing the underlying attack.
https://github.com/airbus-cert/ntTraceControl
#etw #simulate #powershell #redteam #blueteam
PSSW100AVB
This is the PSSW100AVB (Powershell Scripts With 100% AV Bypass) Framework.
A list of useful Powershell scripts with 100% AV bypass ratio. (At the time of publication).
Latest Reverse shell tested on Windows 11 (ReverseShell_2022_03.ps1)
https://github.com/tihanyin/PSSW100AVB
#av #evasion #amsi #powershell #ps1
Red Teaming Toolkit
A collection of open source and commercial tools that aid in red team operations, organised by engagement phase.
Contents
— Reconnaissance
— Weaponization
— Delivery
— Command and Control
— Lateral Movement
— Establish Foothold
— Escalate Privileges
— Data Exfiltration
— Misc
— References
https://renatoborbolla.medium.com/red-teaming-adversary-simulation-toolkit-da89b20cb5ea
#redteam #toolkit #powershell #c2
Invoke-SocksProxy
The reverse proxy creates a TCP tunnel by initiating outbound SSL connections, which can go through the system's proxy. The tunnel can then be used as a SOCKS proxy on the remote host to pivot into the local host's network.
https://github.com/p3nt4/Invoke-SocksProxy
#powershell #socks #proxy #tools
🐚 PSAsyncShell: Asynchronous Firewall Bypass
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell.
Unlike other reverse shells, all communication and execution flow is done asynchronously, which lets it get past some firewalls and some countermeasures aimed at this kind of remote connection.
🔗 Research:
https://darkbyte.net/psasyncshell-bypasseando-firewalls-con-una-shell-tcp-asincrona/
🔗 Source:
https://github.com/JoelGMSec/PSAsyncShell
#ad #powershell #reverse #shell
🎲 PowerShell Obfuscation
A simple and effective PowerShell obfuscation tool for bypassing antivirus, with an AMSI bypass and ETW blocking built in.
https://github.com/H4de5-7/powershell-obfuscation
#powershell #obfuscation #amsi #etw #bypass
🕸️ PowerShell Obfuscation Bible
A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion.
https://github.com/t3l3machus/PowerShell-Obfuscation-Bible
#powershell #obfuscation #redteam
⛓ Divide and Rule — AMSI Bypass
By splitting well-known PowerShell scripts, e.g. an AMSI bypass, into separate lines, we can either get past Windows Defender outright or at least find the exact line on which detection occurs. Outcome: several AMSI bypasses and two scripts:
- One to split PowerShell snippets into multiple lines
- A second to run all the resulting files from a single XOR-obfuscated one-liner
https://badoption.eu/blog/2023/07/15/divideconqer.html
#amsi #av #bypass #powershell
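The "divide" half of the technique, as an added example that is not one of the scripts from the linked post: each non-empty line of a script is written to its own file and scanned on demand with Defender's command-line scanner, so the output reports which lines carry a static signature. The scanner path, the `-ScanType 3` / `-DisableRemediation` switches and the exit-code convention (2 = threat found) are MpCmdRun's documented behaviour; the work directory name is arbitrary.

```powershell
# Added example (not the post's scripts): find which line(s) of a script Defender flags.
function Find-FlaggedLines {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [string] $WorkDir = (Join-Path $env:TEMP 'dc_split')   # arbitrary demo location
    )
    $mpcmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
    if (-not (Test-Path $mpcmd)) { throw "MpCmdRun.exe not found at $mpcmd" }
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

    $lineNo = 0
    foreach ($line in Get-Content -Path $ScriptPath) {
        $lineNo++
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $chunk = Join-Path $WorkDir ('line_{0:D4}.ps1' -f $lineNo)
        Set-Content -Path $chunk -Value $line -Encoding UTF8

        # -ScanType 3 = custom scan of one path; -DisableRemediation = report, don't quarantine
        & $mpcmd -Scan -ScanType 3 -File $chunk -DisableRemediation | Out-Null

        # Real-time protection may already have removed the chunk before the on-demand
        # scan ran; treat a vanished file as a detection as well
        $flagged = ($LASTEXITCODE -eq 2) -or (-not (Test-Path $chunk))
        [pscustomobject]@{ Line = $lineNo; Flagged = $flagged; Text = $line }
    }
}

# Usage: show only the lines Defender objects to
Find-FlaggedLines -ScriptPath .\script.ps1 | Where-Object Flagged | Format-Table -AutoSize
```

Two caveats a practitioner should keep in mind. A per-line split only exposes signatures that match within a single line; a signature spanning several lines, or one keyed on the whole file, produces no flagged line even though the complete script is detected. And this exercises the on-disk file scanner only; AMSI inspects script content at execution time, so a line that passes here can still be blocked when the assembled script actually runs.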
⚡PsMapExec
A PowerShell tool that takes strong inspiration from CrackMapExec.
🚀 Supported Methods
— PsExec
— RDP
— SMB Signing
— WinRM
— WMI
🔗 More Detailed
🔗 Github Repository
#ad #windows #powershell #cme