
View abandonedInprocServer32.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
namespace ComAbandonment
public class ComAbandonment
View Invoke-ExcelMacroPivot.ps1
function Invoke-ExcelMacroPivot{
Matt Nelson (@enigma0x3)
Pivots to a remote host by using an Excel macro and Excel's COM object
Remote host to pivot to
.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
HarmJ0y / PowerView-3.0-tricks.ps1
Last active Aug 9, 2022
PowerView-3.0 tips and tricks
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
marcgeld / psCompress.ps1
Last active Jul 11, 2022
PowerShell: Compress and decompress a byte array
# Compress and decompress byte array
function Get-CompressedByteArray {
Param (
[byte[]] $byteArray = $(Throw("-byteArray is required"))
Process {
jaredcatkinson / Get-InjectedThread.ps1
Last active Aug 5, 2022
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
Looks for threads that were created as a result of code injection.
HarmJ0y / PowerView-2.0-tricks.ps1
Last active Aug 3, 2022
PowerView-2.0 tips and tricks
# NOTE: the most updated version of PowerView (
# has an updated tricks Gist at
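# Get all the groups a user is effectively a member of, 'recursing up'.
# Effective membership includes groups reached through nesting, which is
# what matters when reviewing what an account can actually access.
# <USER> is a placeholder for the account name.
Get-NetGroup -UserName <USER>
# Get all the effective members of a group, 'recursing down'.
# -Recurse expands members that are themselves groups, so indirectly nested
# accounts are listed as well as direct members.
# The parameter is -GroupName; the previous spelling (-GoupName) does not
# bind to any parameter and the call fails. <GROUP> is a placeholder.
Get-NetGroupMember -GroupName <GROUP> -Recurse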
# get the effective set of users who can administer a server