Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters

A list of my own PowerShell scripts, commands and blogs for Windows red teaming.

commands exploitation hacking penetration-testing pentesting powershell redteam scripts tools-techniques user-friendly windows

Last synced: about 2 months ago

Powershell Scripts For Hackers and Pentesters



A list of PowerShell scripts, commands and techniques for pentesting Windows machines


Scripts managed by @Smukx.





-----------------

Pwn Windows machines without any restrictions ⚠️






-----------------



### What is this ?

This repository is a collection of PowerShell scripts, hacks, tutorials, etc.
These are the complete resources that I coded to automate hacks, work, etc.

### Usage

Take your PowerShell hacks and (advanced) script usage to the next level. This repository contains all kinds of hacks and PowerShell tricks, from
basic to advanced PowerShell commands and scripts, that will help you in day-to-day work in IT, cybersecurity or Windows automation.

Below is a list of series that you can consult for your needs.

Contents

| Powershell Script Tier List | + MODULES + | Links |
|----------------------------------------------|-------------------------------------------------|--------------|
| Powershell Scripts & Commands | PS-010 (Ping-Play) | [Look Here](https://github.com/Whitecat18/Ps-Script-for-Hackers/blob/main/PS-010.md) |
| | PS-020 (Attacks) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/PS-020.md) |
| | PS-030 (KEY-STROKES) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/KEYSTROKES%20USING%20POWERSHELL.md) |
| | PS-040 (Win-Defender) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/DEFENDER_USING_POWERSHELL.md) |
| | PS-050 (Silent-Installer) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Silent-Installer.md) |
| | PS-060 (Basics of Mimikatz) | [Look Here](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/mimikaz.md) |
| | PS-070-N (Adv Network Enumeration) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Enumeration/Network.md) |
| | PS-070-M (Adv System Enumeration) | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Enumeration/Windows_Enum.md) |
| Complicated Part | SYSTEM32 | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/SYSTEM32.md) |
| | REVERSE-SHELL | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/tree/main/Reverse-Shell) |
| | SCRIPT-FILES.ps1 | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/tree/main/scripts) |
| | UNDETECTABLE-KEYLOGGER | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/KEY-LOGGER.md) |
| | Exfiltrating data using Powershell & WAV | [Look Here](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/tree/main/scripts/Exfiltrating%20data%20using%20Powershell)|

| Topic | Description | Link |
|----------------------------------------------|-------------------------------------------------|----------------------------------------------------|
| Basics of Windows Systems [Works, Methods etc] | Just a bunch of theory. If you are a script kiddie (new to hacking), this may help you understand things | [Windows Basics](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/windows-basic.md) |
| | WINDOWS-BASICS | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/windows-basic.md) |
| | WINDOWS-PENTEST-METHODS | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Basics/win-pentest-methods.md) |
| | COMMON-PORTS-AND-SERVICE | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Basics/Common-ports-and-service.md) |
| | BASIC-COMMANDS | [Look Here](https://github.com/Whitecat18/Ps-script-for-Hackers-and-Pentesters/blob/main/Basic-Commands.md) |
| | POWERSHELL VS CMD | [Look Here](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/Powershell-VS-Cmd.md) |
| Powershell Blogs | AUTOMATED POWERSHELL ATTACKS | [Blog](https://medium.com/@smukx/automate-powershell-attacks-using-mavoc-tool-9adcd0c7a1f) |
| | HOW KEYLOGGERS WORK (BASICS) In Depth | [Blog](https://securelist.com/keyloggers-implementing-keyloggers-in-windows-part-two/36358/) |
| | POWERSHELL TURLA SERIES | [Blog](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/turla_powershell.md) |
| | USING PS1 ON KALI LINUX FOR PENTESTING | [Blog](https://www.offsec.com/offsec/kali-linux-powershell-pentesting/) |
| | Tracking Powershell based malware attacks | [Blog](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/Powershell_defense/Tracking-Powershell-based-malware-attacks.md) |
| | Multi-stage Powershell script | [Blog](https://dissectmalware.wordpress.com/2018/03/28/multi-stage-powershell-script/) |
| | APT33 PowerShell Malware | [Blog](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/powershell_attacks/APT33%20PowerShell%20Malware.md) |
| | Lemon Duck Powershell Malware | [Blog](https://news.sophos.com/en-us/2019/10/01/lemon_duck-powershell-malware-cryptojacks-enterprise-networks/) |
| | Hoaxcalls DDoS Botnet | [Blog](https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/) |
| | AgentTesla Delivered via a Malicious PowerPoint Add-In | [Blog](https://isc.sans.edu/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162) |
| | Machine learning from idea to reality: a PowerShell case study | [Blog](https://blog.fox-it.com/2020/09/02/machine-learning-from-idea-to-reality-a-powershell-case-study/) |
| | Inspecting a PowerShell Cobalt Strike Beacon | [Blog](https://forensicitguy.github.io/inspecting-powershell-cobalt-strike-beacon/) |
| | Powershell Reflective Loader to inject dll | [Blog](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/powershell_attacks/from%20Powershell%20reflective%20loader%20to%20injected%20dll.md) |
| | Windows Triaging with Powershell | [Blog](https://aditya-pratap9557.medium.com/windows-triaging-with-powershell-part-1-parsing-event-logs-a6748657d150) |
| | Powershell used to drop an REvil Ransomware | [Blog](https://isc.sans.edu/diary/27012) |
| | PowerShell based attack targets Kazakhstan | [Blog](https://github.com/Whitecat18/Powershell-Scripts-for-Hackers-and-Pentesters/blob/main/Basics/powershell_attacks/A%20multi-stage%20PowerShell%20based%20attack%20targets%20Kazakhstan.md) |
| | Exploring Powershell AMSI and logging Evasion | [Blog](https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/) |
| | Charming Kitten Updates POWERSTAR with an InterPlanetary Twist | [Blog](https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/) |
| | Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets | [Blog](https://www.sentinelone.com/labs/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/) |
| | Powershell static Analysis and Emotet Results | [Blog](https://hatching.io/blog/powershell-analysis/) |
| | PowerPoint Dropper and Cryptocurrency Stealer | [Blog](https://threatresearch.ext.hp.com/aggah-campaigns-latest-tactics-victimology-powerpoint-dropper-and-cryptocurrency-stealer/) |
| | A border-hopping PlugX USB worm takes its act on the road | [Blog](https://news.sophos.com/en-us/2023/03/09/border-hopping-plugx-usb-worm/) |
| | Malicious Powershell Targeting UK Bank Customers | [Blog](https://isc.sans.edu/diary/Malicious+Powershell+Targeting+UK+Bank+Customers/23675) |
| | PowerLess Trojan | [Blog](https://www.cybereason.com/blog/research/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage) |
| | A Journey to Uncover New Fully Undetectable PowerShell Backdoor | [Blog](https://www.safebreach.com/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/) |
| | A case of Powershell, Excel 4 Macros and VB6 | [Blog](https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943) |
| | Emotet Technical Analysis - Part 1 | [Blog](https://www.picussecurity.com/resource/blog/emotet-technical-analysis-part-1-reveal-the-evil-code) |
| | Emotet Technical Analysis - Part 2 | [Blog](https://www.picussecurity.com/resource/blog/emotet-technical-analysis-part-2-powershell-unveiled) |
| | Reversing complete Powershell Malware | [Blog](https://blog.cerbero.io/?p=2617) |
| | HCrypt Injecting BitRAT using PowerShell, HTAs, and .NET | [Blog](https://forensicitguy.github.io/hcrypt-injecting-bitrat-analysis/) |
| | PowerShell Dropper Delivering Formbook | [Blog](https://isc.sans.edu/diary/26806) |
| | Reversing Complex PowerShell Malware | [Blog](https://blog.cerbero.io/?p=2617) |
| | Threat Operation Re-emerges with New LNK and PowerShell | [Blog](https://www.deepinstinct.com/blog/ducktail-threat-operation-re-emerges-with-new-lnk-powershell-and-other-custom-tactics-to-avoid-detection) |
| | The rise of .NET and Powershell Malware | [Blog](https://securelist.com/the-rise-of-net-and-powershell-malware/72417/) |
| | MoDi RAT attack pastes PowerShell commands | [Blog](https://news.sophos.com/en-us/2020/09/24/email-delivered-modi-rat-attack-pastes-powershell-commands/) |
| | Simple DGA Spotted in a Malicious PowerShell | [Blog](https://blog.rootshell.be/2020/07/14/simple-dga-spotted-in-a-malicious-powershell/) |
| | New PowerShell Obfuscation in Emotet Maldocs | [Blog](https://security-soup.net/quick-post-spooky-new-powershell-obfuscation-in-emotet-maldocs/) |
| | From virus alert to PowerShell Encrypted Loader | [Blog](https://www.trustnet.co.il/virus-alert-to-powershell-encrypted-loader/) |
| | Anatomy of a PowerShell Attack | [Blog](https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assets/resourcefiles/Threat_Dissection_Powershell_3.pdf) |
| | Delivering Ransomware with Powershell Turla Series | [Blog](https://www.mandiant.com/resources/blog/turla-galaxy-opportunity) |
| | PRB-Backdoor-A Fully Loaded PowerShell Backdoor with Evil Intentions | [Blog](https://sec0wn.blogspot.com/2018/05/prb-backdoor-fully-loaded-powershell.html) |
| | Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis | [Blog](https://www.malwarebytes.com/blog/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis) |
| | Top 10 Prevalent MITRE ATT&CK Techniques | [Blog](https://www.picussecurity.com/hubfs/Red%20Report%202023/RedReport2023-Picus.pdf?utm_referrer=https%3A%2F%2Fwww.picussecurity.com%2Fthank-you-for-download-red-report-2023%3FsubmissionGuid%3Ddc10f229-1515-4e14-b0c0-9e153d925310) |
| | Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log | [Blog](https://blog.fox-it.com/2020/09/02/machine-learning-from-idea-to-reality-a-powershell-case-study/) |
| | Analyzing Modern Malware Technique | [Blog](https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943) |
| | Emotet_network_protocol | [Blog](https://d00rt.github.io/emotet_network_protocol/) |
| Powershell Conference | BlackHat-USA-2010-Kennedy-Kelly-PowerShell | [PPT Link](https://media.blackhat.com/bh-us-10/presentations/Kennedy_Kelly/BlackHat-USA-2010-Kennedy-Kelly-PowerShell-Its-Time-To-Own-slides.pdf) |
| | BlackHat-USA-2017-Robbins-Schroeder | [PPT Link](https://www.blackhat.com/docs/us-17/wednesday/us-17-Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors-wp.pdf) |
| | BlackHat-USA-2021-ProxyLogon is Just the Tip of the Iceberg | [PPT Link](https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-ProxyLogon-Is-Just-The-Tip-Of-The-Iceberg-A-New-Attack-Surface-On-Microsoft-Exchange-Server.pdf) |
| | BlackHat-EU-14-Hafif-Reflected-File-Download-A-New-Web-Attack | [PPT Link](https://www.blackhat.com/docs/eu-14/materials/eu-14-Hafif-Reflected-File-Download-A-New-Web-Attack-Vector.pdf) |
| | BlackHat-USA-2014-Kazanciyan-Investigating-Powershell-Attacks-wp | [PPT Link](https://www.blackhat.com/docs/us-14/materials/us-14-Kazanciyan-Investigating-Powershell-Attacks-WP.pdf) |
| | BlackHat-USA-2017-PowerShell-Obfuscation Detection Using Science | [PPT Link](https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And%20Evasion-Using-Science.pdf) [Document](https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And%20Evasion-Using-Science-wp.pdf) |
| | BlackHat-Asia-2016-DSCompromised:A Windows DSC Attack Framework | [PPT Link](https://www.blackhat.com/docs/asia-16/materials/asia-16-Kazanciyan-DSCompromised-A-Windows-DSC-Attack-Framework.pdf) |
| | BlackHat-USA-2017-INFECTING-THE-ENTERPRISE-ABUSING-OFFICE365+POWERSHELL-FOR-COVERT-C2 | [PPT Link](https://www.blackhat.com/docs/us-17/wednesday/us-17-Dods-Infecting-The-Enterprise-Abusing-Office365-Powershell-For-Covert-C2.pdf) |
| | Splunk-USA-2016-hunting-the-known-unknowns-the-PowerShell-edition | [PPT Link](https://conf.splunk.com/files/2016/slides/hunting-the-known-unknowns-the-powershell-edition.pdf) |
| | BlackHat-USA-2019-PowerShell-module-for-administering-Office-365/Azure-AD | [PPT Link](https://aadinternals.com/images/posts/BH_USA19_AADInternals.pdf) |
| | PowerShell for Penetration Testers | [PPT Link](https://paper.bobylive.com/Meeting_Papers/BlackHat/Europe-2013/bh-eu-13-powershell-for-penetration-mittal-slides.pdf) |
| | HITB-SECCONF-Exploit-with-Shell-Reverse-Infection-PowerShell-using-VBS | [PPT Link](https://conference.hitb.org/hitbsecconf2021ams/materials/D1%20COMMSEC%20-%20Exploitation%20with%20Shell%20Reverse%20and%20Infection%20with%20PowerShell%20-%20Filipi%20Pires.pdf) |
| Powershell Papers | CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE | [Link](https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/0/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF) |
| Cheat Sheets for Powershell | Cheat Sheet by SANS | [Cheat Sheet](https://www.sans.org/blog/sans-pen-test-cheat-sheet-powershell) |
| | Cheat Sheet by Microsoft | [Cheat Sheet](https://download.microsoft.com/download/2/1/2/2122f0b9-0ee6-4e6d-bfd6-f9dcd27c07f9/ws12_quickref_download_files/powershell_langref_v3.pdf) |
| | Reverse Shell Cheat Sheet | [Cheat Sheet](https://github.com/d4t4s3c/Offensive-Reverse-Shell-Cheat-Sheet) |
| Powershell Books (Worth) | Windows Security Internals with PowerShell (Aid. 2024) | [Redirect](https://www.amazon.com/Windows-Security-Internals-PowerShell-Forshaw/dp/1718501986/ref=sr_1_3?refinements=p_28%3APowerShell&s=books&sr=1-3) |
| | The Complete Ultimate Windows Powershell Beginners Guide (Aid. 2017) | [Redirect](https://www.amazon.com/Powershell-Complete-Beginners-Scripting-Programming/dp/1979190860/ref=sr_1_4?refinements=p_28%3APowerShell&s=books&sr=1-4) |
| | PowerShell Automation and Scripting for Cybersecurity (Aid. 2023) | [Redirect](https://www.amazon.com/PowerShell-Automation-Scripting-Cybersecurity-Hacking/dp/1800566379/ref=sr_1_2?qid=1697914504&refinements=p_28%3APowerShell&s=books&sr=1-2) |
| Top Powershell Tools | Powershell Empire | [Repo Link](https://github.com/EmpireProject/Empire.git) |
| | WinPwn | [Repo Link](https://github.com/S3cur3Th1sSh1t/WinPwn.git) |
| | PersistenceSniper | [Code Link](https://github.com/last-byte/PersistenceSniper/tree/main/PersistenceSniper) |
| | PowerLessShell | [Repo Link](https://github.com/Mr-Un1k0d3r/PowerLessShell.git) |
| Free Powershell Books Around the Internet | Learning Powershell from Stack Overflow Contributors | [PDF Link](https://riptutorial.com/Download/powershell.pdf) |
| | Mastering Windows Powershell Scripting | [PDF Link](https://static.spiceworks.com/attachments/post/0017/6852/MASTERING_PS_eBook.pdf) |
| | Learn Windows PowerShell In A Month Of Lunches | [PDF Link](https://russblog554767213.files.wordpress.com/2018/11/learn-windows-powershell-in-a-month-of-lunches.pdf) |
| | EA - Windows Security Internals with PowerShell | [PDF Link](https://mega.nz/file/CVxFFJLJ#sy1vKS5s5stg8L80_qUCmV9QDas__Guq5eHYg1XJoKI) |
| | Increased use of Powershell Attacks | [PDF Link](https://docs.broadcom.com/doc/increased-use-of-powershell-in-attacks-16-en) |
| | Hands-On Penetration Testing on Windows | [PDF Link](https://hackerzambie.files.wordpress.com/2020/02/hands-on-penetration-testing-on-windows-unleash-kali-linux-powershell-and-windows-debugging-tools-for-security-testing-and-analysis-.pdf) |
| | ScriptRunner PowerShell Security Ebook 2020 | [PDF Link](https://f.hubspotusercontent30.net/hubfs/3408889/Content/E-Book%20Security/ScriptRunner_PowerShell_Security_Ebook_2020_EN.pdf) |

--------------------

RWH-Series


The Real-World Series is a blog where I will write about the techniques and methods that real-world hackers use to harm, breach, and crash data on government, military, citizens, companies, etc.

All the RWH posts are now linked under the blog category.

-------------------

ATTENTION HERE:
This repository consists of several parts.
PS-010 contains basic commands that are both fun and effective for attacking.

Please note that Windows security changes daily, and they keep trying to improve it, so some scripts may or may not work. If some new scripts don't work, notify me on Twitter without hesitation.

Check out my Windows security blog, where I explain pentesting methods and how you can use this repository to achieve certain tasks ;). [Still writing] Link: Windows Pentest Series


### :> Note ⚠️

**If you find any wrong code / copyrighted content, please kindly inform me via Email: [email protected]. I will verify and fix the issue, else I will remove the content and create a new one. Thank you !!**

:: Cloning This Repo on git will remove some Powershell scripts.

### Improvements and Tips

How to use my repository as a book

I'm improving at writing blogs on my website, but at present I'm on a learning curve, so I can't write all the blogs about it :(