Windows Post Exploitation
PowerShell script to mine Bitcoins with IE in the background
A PowerShell Post-Exploitation Framework
Windows traffic sniffing for low level accounts
PowerShell script for finding vulnerable settings in AD Group Policy
Kill Event Tracing for Windows (ETW)
Searching emails in a Microsoft Exchange environment. It can be used by a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain.
Windows Bootkit
A portable console aimed at making pentesting with PowerShell a little easier.
Obfuscating PSAttack
Pivoting
Hashes/Passwords
Retrieving NTLM Hashes without Touching LSASS
Windows Credentials Editor
PowerShell script for discovery of Privileged Accounts
Decrypt Passwords stored on Windows
Audit and attack Active Directory environments that have deployed Microsoft’s Local Administrator Password Solution (LAPS).
Extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory and perform pass-the-hash, pass-the-ticket or build Golden tickets.
Persistence
Windows Userland Persistence Fundamentals
PowerShell PE Injection
Use PowerShell to download exe and execute in memory
Obfuscate downloading exe
Remote Administration Tool for Windows
Get Wireless keys:
Passwords
Windows Credential Vault is often used to store saved passwords