PowerShell Snippets
Bypass application whitelisting and CLM with runscripthelper and WMICreate fake PowerShell logsEnumerate AD ACLsEnumerate WMI eventsEnumerate Domain TrustsEnumerate change metadataEnumerate non-signed service binariesEnumerate with GPOsFind signed alternate PowerShell hostsGet AMSI moduleGroup processes by user with WMIHide processes from Get-ProcessMalware re-purposing with PowerShell reflectionMonitor PowerShell hosts with WMIPowerShell reflection offensive use-caseQuery PowerShell alternative hosts with WMIRetrieve file certificateSearch LDAP for misconfigurationsSign custom code with PowerShellWMI service creationWeak folder permission enumeration