WithSecureLabs / RemotePSpy
RemotePSpy provides live monitoring of remote PowerShell sessions, which is particularly useful for older (pre-5.0) versions of PowerShell which do not have comprehensive logging facilities built in.
☆18Updated 5 years ago
Alternatives and similar repositories for RemotePSpy:
Users that are interested in RemotePSpy are comparing it to the libraries listed below
- Set of ultra technical notes about AD☆18Updated 6 years ago
- simple demo of using C# & System.Management.Automation.dll to run powershell code (b64 encoded) without powershell.exe☆14Updated 8 years ago
- Detecting PowerShell Empire, Metasploit Meterpreter and Cobalt Strike agents by payload size sequence analysis and host correlation☆16Updated 6 years ago
- ☆25Updated 6 years ago
- Remote process dumping automation. Use it to dump Windows credentials remotely and extract clear text with Mimikatz offline☆35Updated 5 years ago
- Powershell script which will take any payload and put it in the a bat script which delivers the payload. The payload is delivered using e…☆53Updated last year
- Babel-Shellfish deobfuscates and scans Powershell scripts on real-time right before each line execution.☆43Updated 6 years ago
- Extract all IP of a computer using DCOM without authentication (aka detect network used for administration)☆26Updated 5 years ago
- Bash one-liner that will parse harmj0y's SharpRoast or Rebeus kerberoast into hashcat crack-able format.☆32Updated 6 years ago
- Ingests logs/dbs from cobalt and empire and outputs an excel report with activity, sessions, and credentials☆20Updated 4 years ago
- Convert Empire profiles to Apache mod_rewrite scripts☆27Updated 5 years ago
- LogRM is a post exploitation powershell script which it uses windows event logs to gather information about internal network☆74Updated 5 years ago
- Extracts Azure authentication tokens from PowerShell process minidumps.☆23Updated last year
- ☆21Updated 7 years ago
- A PowerShell script to parse the docx/docm file format and update the template location.☆17Updated 5 years ago
- A PowerShell script to prevent Sysmon from writing its events☆15Updated 5 years ago
- Miscellaneous PowerShell scripts for red team activities☆16Updated 5 months ago
- Microsoft Applocker evasion tool☆39Updated 5 years ago
- The project is called GreatSCT (Great Scott). GreatSCT is an open source project to generate application white list bypasses. This tool i…☆30Updated 6 years ago
- RID Hijacking Proof of Concept script by Kevin Joyce☆15Updated 6 years ago
- A cross platform tool for verifying credentials and executing single commands☆32Updated 6 years ago
- .net tool that uses WMI queries to enumerate active sessions and accounts configured to run services on remote systems☆33Updated 5 years ago
- BloodHound Data Scanner☆45Updated 4 years ago
- Building ActiveDirectory Lab for practicing various attack vectors used during Red Team engagement.☆36Updated 5 years ago
- Light System Examination Toolkit (LISET) - logs & activity & configuration gathering utility that comes handy in fast Windows incident re…☆29Updated 8 years ago
- Quick PoC I Wrote for Bypassing Next Gen AV Remotely for Pentesting☆41Updated 6 years ago
- Random source codes☆25Updated 4 years ago
- windows-operating-system-archaeology @Enigma0x3 @subTee☆23Updated 8 years ago
- windows-operating-system-archaeology @Enigma0x3 @subTee☆45Updated 8 years ago
- Retrieve the IIS Application Pool Credentials. Relies on the WebAdministration PowerShell Module.☆14Updated 7 years ago