View abandonedInprocServer32.cs
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Management;
namespace ComAbandonment
public class ComAbandonment
View Invoke-ExcelMacroPivot.ps1
function Invoke-ExcelMacroPivot{
Matt Nelson (@enigma0x3)
Pivots to a remote host by using an Excel macro and Excel's COM object
Remote host to pivot to
.PARAMETER RemoteDocumentPath
Local path on the remote host where the payload resides
HarmJ0y / PowerView-3.0-tricks.ps1
Last active Sep 25, 2022
PowerView-3.0 tips and tricks
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here:
# tricks for the 'old' PowerView are at
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
marcgeld / psCompress.ps1
Last active Jul 11, 2022
PowerShell: Compress and decompress byte array
View psCompress.ps1
# Compress and decompress byte array
function Get-CompressedByteArray {
Param (
[byte[]] $byteArray = $(Throw("-byteArray is required"))
Process {
jaredcatkinson / Get-InjectedThread.ps1
Last active Sep 13, 2022
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
View Get-InjectedThread.ps1
function Get-InjectedThread
Looks for threads that were created as a result of code injection.
rsmudge / stagelessweb.cna
Last active Apr 15, 2021
A stageless variant of the PowerShell Web Delivery attack. This script demonstrates the new scripting APIs in Cobalt Strike 3.7 (generate stageless artifacts, host content on Cobalt Strike's web server, build dialogs, etc.)
View stagelessweb.cna
# Scripted Web Delivery (Stageless)
# This script demonstrates some of the new APIs in Cobalt Strike 3.7.
# setup our stageless PowerShell Web Delivery attack
sub setup_attack {
local('%options $script $url $arch');
%options = $3;
# get the arch right.
HarmJ0y / PowerView-2.0-tricks.ps1
Last active Sep 2, 2022
PowerView-2.0 tips and tricks
View PowerView-2.0-tricks.ps1
# NOTE: the most updated version of PowerView (
# has an updated tricks Gist at
# get all the groups a user is effectively a member of, 'recursing up'
Get-NetGroup -UserName <USER>
# get all the effective members of a group, 'recursing down'
Get-NetGroupMember -GroupName <GROUP> -Recurse
# get the effective set of users who can administer a server