PowerShell is a powerful asset for on-host incident response and for the "hand-to-hand combat" of live events like CCDC. This repository provides a focused crash course on using PowerShell to triage and defend compromised Windows systems, starting with fundamental techniques and progressing to more advanced tactics.
Master the art of data manipulation with these essential cmdlets.
- Learn: Out-GridView-Group-Sort.md
- Code Snippets: OutGrid_Oneliners.ps1
- Advanced Examples: Demo-CSV.ps1
Unlock the secrets of JSON parsing and object comparison for quick analysis.
- Dive In: Import-Json-Compare-Object.md
Harness the power of event-driven automation and background tasks.
- Watching Processes
- Watching Folders
- PS Remoting
Explore techniques for simulating adversary actions (use responsibly!).
- Create Local Users
- Create a Bind Shell
- Create a Service
A collection of useful utilities and resources for cyber operations.
- SysInternals Suite
- MITRE ATT&CK Framework: https://attack.mitre.org/
- Bluespawn
- Aurora: https://www.nextron-systems.com/aurora/
- PowerToys (OCR Snippet)
- WinGet
- RMM Tools
Contributions are welcome! Feel free to submit pull requests or open issues to suggest improvements or new content.