Powerglot – Encodes Offensive Powershell Scripts Using Polyglots

Powerglot encodes several kind of scripts using polyglots, for example, offensive powershell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network level protections, being one of the most common payloads scripts developed in powershell.Read More

PSMDATP – PowerShell Module For Managing Microsoft Defender Advanced Threat Protection

Welcome to the Microsoft Defender Advanced Threat Protection PowerShell module! This module is a collection of easy-to-use cmdlets and functions designed to make it easy to interface with the Microsoft Defender Advanced Threat Protection API. Motivation I created this PowerShell module for MDATP for the following reasons: Advance my PowerShell skills Provide an easy wayRead More

Chimera – PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions

Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests malicious PS1’s known to trigger AV and uses string substitution and variable concatenation to evade common detection signatures.Chimera was created for this write-up and is further evidence of how trivial it is to bypass detection signatures.Read More

HTTP-revshell – Powershell Reverse Shell Using HTTP/S Protocol With AMSI Bypass And Proxy Aware

HTTP-revshell is a tool focused on redteam exercises and pentesters. This tool provides a reverse connection through the http/s protocol. It use a covert channel to gain control over the victim machine through web requests and thus evade solutions such as IDS, IPS and AV.Help server.py (unisession server)Server usage: usage: server.py [-h] [–ssl] [–autocomplete] hostRead More

PowerSharpPack – Many usefull offensive CSharp Projects wraped into Powershell for easy usage

Many usefull offensive CSharp Projects wraped into Powershell for easy usage.Why? In my personal opinion offensive Powershell is not dead because of AMSI, Script-block-logging, Constrained Language Mode or other protection features. Any of these mechanisms can be bypassed. Since most new innovative offensive security projects are written in C# I decided to make them usableRead More

Xeca – PowerShell Payload Generator

xeca is a project that creates encrypted PowerShell payloads for offensive purposes.Creating position independent shellcode from DLL files is also possible.InstallFirstly ensure that rust is installed, then build the project with the following command: cargo build How It Works Identify and encrypt the payload. Load encrypted payload into a powershell script and save to aRead More

Digital Signature Hijack – Binaries, PowerShell Scripts And Information About Digital Signature Hijacking

Hijacking legitimate digital signatures is a technique that can be used during red team assessments in order to sign PowerShell code and binaries. This could assist to bypass Device Guard restrictions and maintain stealthy in an engagement. DigitalSignatureHijack is a PowerShell script based on Matt Graeber research that can perform the following operations: Digitally signRead More

Nishang – Offensive PowerShell For Red Team, Penetration Testing And Offensive Security

Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.By nikhil_mittUsageImport all the scripts in the current PowerShell session (PowerShell v3 onwards). PS C:nishang> Import-Module .nishang.psm1 Use the individual scripts with dot sourcing.Read More

Powerob – An On-The-Fly Powershell Script Obfuscator Meant For Red Team Engagements

An on-the-fly Powershell script obfuscator meant for red team engagements. Built out of necessity.Installationgit clone https://github.com/cwolff411/powerob Usagepython3 powerob.py obfuscate originalfile.ps1 obfuscatedfile.ps1Takes an INPUTFILE obfuscates it and dumps the obfuscated version into OUTPUTFILE.python3 powerob.py listLists all of the currently obfuscated files along with their commands and associated obfuscated commands.python3 powerob.py getcommand Invoke-AllChecksFor reference on the flyRead More

PowerSploit – A PowerShell Post-Exploitation Framework

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts:CodeExecutionExecute code on a target machine. Invoke-DllInjectionInjects a Dll into the process ID of your choosing. Invoke-ReflectivePEInjectionReflectively loads a Windows PE file (DLL/EXE) in toRead More