Skip to content

Instantly share code, notes, and snippets.

# PowerSlim 0.1
import os,re
import clr,os
from System.Management.Automation import *
from System.Management.Automation.Host import *
from System.Management.Automation.Runspaces import *
Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager
Adapted from:
The name of the target login informations in the Windows Credential Manager
cdhunt / Get-CredentialFromWindowsCredentialManager.ps1
Last active June 1, 2023 23:48 — forked from toburger/Get-CredentialFromWindowsCredentialManager.ps1
Gets a PowerShell Credential [PSCredential] from the Windows Credential Manager. This only works for Generic Credentials.
Gets a PowerShell Credential (PSCredential) from the Windows Credential Manager
This module will return a [PSCredential] object from a credential stored in Windows Credential Manager. The
Get-StoredCredential function can only access Generic Credentials.
Alias: GSC
Ayrx /
Created April 6, 2014 05:53 — forked from ntrrgc/
#!/usr/bin/env python
from __future__ import print_function
import sys
import os
import re
import ctypes
import argparse
ulseek = ctypes.cdll[''].lseek
ulseek.restype = ctypes.c_uint64
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"
First, before using these parsers, run: "dos2unix mimikatz_dump.txt"
Mimikatz 1.0:
cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u
Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):
maxvt /
Last active July 5, 2024 13:01
Infrastructure Secret Management Software Overview

Currently, there is an explosion of tools that aim to manage secrets for automated, cloud native infrastructure management. Daniel Somerfield did some work classifying the various approaches, but (as far as I know) no one has made a recent effort to summarize the various tools.

This is an attempt to give a quick overview of what can be found out there. The list is alphabetical. There will be tools that are missing, and some of the facts might be wrong--I welcome your corrections. For the purpose, I can be reached via @maxvt on Twitter, or just leave me a comment here.

There is a companion feature matrix of various tools. Comments are welcome in the same manner.

dangtrinhnt /
Created July 28, 2016 02:03
Get Active Directory group members using python
#! /bin/env python
# $ python "My Group Name"
# Author:
# Trinh Nguyen
jaredcatkinson / Get-InjectedThread.ps1
Last active July 1, 2024 08:32
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
function Get-InjectedThread
Looks for threads that were created as a result of code injection.
atifaziz / Unprotect-ProtectedData.ps1
Created March 31, 2017 06:25
Decrypting DPAPI-protected Base64 data from PowerShell
Add-Type -AssemblyName System.Security;
[Text.Encoding]::ASCII.GetString([Security.Cryptography.ProtectedData]::Unprotect([Convert]::FromBase64String((type -raw (Join-Path $env:USERPROFILE foobar))), $null, 'CurrentUser'))
hellman /
Created May 1, 2017 12:23
DEF CON 2017 Quals - Godzilla (Reverse/Crypto)
#-*- coding:utf-8 -*-
DEF CON 2017 Quals - Godzilla (Reverse)
Timing attack on RSA decryption.
Based on
Another solutions: by b2xiao by riatre