Scott Sutherland nullbind

View MiniPowerUpSQL.psm1
function Get-DomainObject
[Parameter(Mandatory = $false,
HelpMessage = 'Domain user to authenticate with domain\user.')]
[Parameter(Mandatory = $false,
HelpMessage = 'Domain password to authenticate with domain\user.')]
nullbind / Get-SmbShareInventory.psm1
Last active Aug 20, 2020
# Function: Get-SMBShareInventory
# Author: Scott Sutherland, 2020 NetSPI
# References: This script includes code taken and modified from the open source projects PowerView, Invoke-Ping, and Invoke-Parallel.
function Get-SMBShareInventory
nullbind / PowerUpSQL-Dc-Without-Creds.ps1
Created Jun 30, 2020
This file has been truncated, but you can view the full file.
#requires -version 2
File: PowerUpSQL.ps1
Author: Scott Sutherland (@_nullbind), NetSPI - 2020
Major Contributors: Antti Rantasaari and Eric Gruber
Version: 1.106
Description: PowerUpSQL is a PowerShell toolkit for attacking SQL Server.
License: BSD 3-Clause
Required Dependencies: PowerShell v.2
View Send-ProtocolHandlerEmailLinks.psm1
View xsl-notepad.xsl
<?xml version='1.0'?>
<xsl:stylesheet version="1.0"
<msxsl:script language="JScript" implements-prefix="user">
function xml(nodelist) {
var r = new ActiveXObject("WScript.Shell").Run("notepad.exe");
return nodelist.nextNode().xml;
View xsl-notepad.xml
<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="" ?>
nullbind / Obfuscated-PowerView-Example.psm1
Last active May 21, 2020
function New-InMemoryModule
[Parameter(Position = 0)]
$ModuleName = [Guid]::NewGuid().ToString()
nullbind / Inveigh-AppDomain-Hijack.cs
Created May 20, 2020
AppDomain Hijacking Execution Method
File: Inveigh-AppDomain-Hijack.cs
Author: Kevin Robertson
This file can be used to execute InveighZero through MSBuild.
Original Repository:
Note: The reflection technique used to load the inveighzero.exe from a string was based on
nullbind / Get-ProtocolHandle.ps1
Last active May 8, 2020
# based on:
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
# jnlp:file://///server/file.txt
$null = $DataTable = New-Object System.Data.DataTable;
nullbind / inveigh.xml
Created May 6, 2020
Payload to execute InveighZero through MSBuild.
<Project ToolsVersion="4.0" xmlns="">
File: Inveigh.xml
Author: Kevin Robertson
This file can be used to execute InveighZero through MSBuild.
Original Repository:
Using msbuild.exe to execute .net code through inline tasks is a technique that
was developed by Casey Smith. You can explicitly