FarsightAD – PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS)Read More

Codecepticon – .NET Application That Allows You To Obfuscate C#, VBA/VB6 (Macros), And PowerShell Source Code

Codecepticon is a .NET application that allows you to obfuscate C#, VBA/VB6 (macros), and PowerShell source code, and is developed for offensive security engagements such as Red/Purple Teams. What separates Codecepticon from other obfuscators is that it targets the source code rather than the compiled executables, and was developed specifically for AV/EDR evasion. Codecepticon allowsRead More

PSAsyncShell – PowerShell Asynchronous TCP Reverse Shell

PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool features command history, screen wiping, file uploading and downloading, information splitting through chunks andRead More

PersistenceSniper – Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines

PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. The Why Why writing such a tool, you might ask. Well, for starters, I tried looking around and I did not find aRead More

Microsoft-365-Extractor-Suite – A Set Of PowerShell Scripts That Allow For Complete And Reliable Acquisition Of The Microsoft 365 Unified Audit Log

This suite of scripts contains two different scripts that can be used to acquire the Microsoft 365 Unified Audit Log Read the accompanying blog post on https://invictus-ir.medium.com/introduction-of-the-microsoft-365-extractor-suite-b85e148d4bfe Microsoft365_Extractor, the original script stems from the Office 365 Extractor and provides all features and complete customization. Choose this if you’re not sure what to use. Microsoft365_Extractor_light, lightweightRead More

AzureRT – A Powershell Module Implementing Various Azure Red Team Tactics

Powershell module implementing various cmdlets to interact with Azure and Azure AD from an offensive perspective. Helpful utilities dealing with access token based authentication, switching from Az to AzureAD and az cli interfaces, easy to use pre-made attacks such as Runbook-based command execution and more. The Most Valuable Cmdlets This toolkit brings lots of variousRead More

Octopus – Open Source Pre-Operation C2 Server Based On Python And Powershell

Octopus is an open source, pre-operation C2 server based on python which can control an Octopus powershell agent through HTTP/S. The main purpose of creating Octopus is for use before any red team operation, where rather than starting the engagement with your full operational arsenal and infrastructure, you can use Octopus first to attack theRead More

PowerProxy – PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication is supported for Socks 5 connections. Setup Import the script: iex (new-object net.webclient).downloadstring(“”) # ORImport-Module \ reverse_proxy_handler.py canRead More

365Inspect – A PowerShell Script That Automates The Security Assessment Of Microsoft Office 365 Environments

Further the state of O365 security by authoring a PowerShell script that automates the security assessment of Microsoft Office 365 environments. Setup 365Inspect requires the administrative PowerShell modules for Microsoft Online, Azure AD (We recommend installing the AzureADPreview module), Exchange administration, Microsoft Graph, Microsoft Intune, Microsoft Teams, and Sharepoint administration. The 365Inspect.ps1 PowerShell script willRead More