Link encyclopedia

Going to try to keep this updated.
Microsoft
Powershell
​Powershell 101​
​Learn Windows PowerShell in a Month of Lunches (Youtube) - Companion videos to the famous book
​p3nt4/PowerShdll - Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls.
​nullbind/Powershellery - GetSPN and other things
Empire
​Empire 101 - Empire Introduction from official documentation
Powerview
​Powerview repository - contains documentation and how to use Powerview
​PowerView-3.0-tricks.ps1 - Powerview tips and tricks from HarmJ0y
Bloodhound
​Bloodhound node info - Bloodhound Node info explanations
​Lay of the land with bloodhound - General Bloodhound usage guide article
Mimikatz
​Lazykats -  Mass Mimikatz with AV bypass (questionable)
​Direct link to Invoke-Mimikatz.ps1​
​Auto dumping domain credentials​
​eladshamir/Internal-Monologue - Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS
Enumeration
​Invoke-Portscan.ps1 - Invoke-Portscan is a module from Powersploit that can perform port scans similar to Nmap straight from Powershell.
​Walking back local admins - Finding local admins in AD
Kerberos
​HarmJ0y - roasting-as-reps - Article about Kerberos preauthentication
​HarmJ0y/ASREPRoast - Project that retrieves crackable hashes from KRB5 AS-REP responses for users without kerberoast preauthentication enabled.
Tunneling
​SShuttle - SShuttle creates an SSH tunnel that works almost just like a VPN
Command and control (C2)
​SANS Pentest Blog - Using Amazon AWS EC2 for C2
​lukebaggett/dnscat2-powershell - Powershell implementation of dnscat2 client
​C2 with dnscat2 and powershell - dnscat2 can be used with powershell for working over DNS to hide C2 activity
​DNS tunneling - How DNS tunneling works
Exploit
​SharpShooter - SharpShooter can create payloads for many formats like HTA, JS and VBS
​DCShadow - DCShadow, attack technique to create a rogue domain controller
Mail
​Ruler - Ruler can interact with Exchange servers remotely
Breaking out of locked down environments
​Breaking Out of Citrix and other Restricted Desktop Environments​
​Applocker Case study - Breaking out of Applocker using advanced techniques
​Bypass Applocker - List of most known Applocker bypass techniques
​Babushka Dolls or How To Bypass Application Whitelisting and Constrained Powershell​
Defense
​MS - Securing privileged access - Reference material for securing admin access in AD
​MS - What is AD Red Forest - Red forest design is building an administrative AD environement built with security in mind
​Managing Applocker with Powershell​
​SANS - Finding Empire C2 activity​
Lab building
​The Eye - Official MSDN ISOs for all OSes
​Automatedlab/Automatedlab - Automatedlab is a project for building a lab environment automatically using Powershell.
​Building a lab with ESXI and Vagrant - Big article from this book about building a lab using ESXi
​Mini lab - Small article from this book about creating a small lab for practicing things like Responder
Other
​OSCP Survival Guide archived - contains a ton of useful commands for enumeration and exploitation

Last modified 4yr ago