Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 16 |
1 files changed, 16 insertions, 0 deletions
@@ -80,6 +80,14 @@ Displays symbolic information from Windows lib files. Returns the path from which Windows will load a Dll for the given executable. +## Capstone + +**A PowerShell binding for the Capstone Engine disassembly framework.** + +#### `Get-CSDisassembly` + +Disassembles a byte array using the Capstone Engine disassembly framework. + ## ReverseEngineering **Tools to aid in reverse engineering.** @@ -144,6 +152,14 @@ Locates single Byte AV signatures utilizing the same method as DSplit from "clas **All your data belong to me!** +#### `Invoke-TokenManipulation` + +Lists available logon tokens. Creates processes with other users logon tokens, and impersonates logon tokens in the current thread. + +#### `Inject-LogonCredentials` + +Create logons with clear-text credentials without triggering a suspicious Event ID 4648 (Explicit Credential Logon). + #### `Invoke-NinjaCopy` Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures. |
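Review bot: In the first hunk (README.md, new `## Capstone` section), the `Get-CSDisassembly` description repeats the section tagline almost word for word and does not say what the caller supplies besides the byte array or what the function returns. Suggest adding one clause that names the required inputs (for example architecture and mode, if the function takes them) and the output, so the entry is usable without opening the function's help.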
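Review bot: In the second hunk (README.md, the entries added above `Invoke-NinjaCopy`), the `Invoke-TokenManipulation` description reads "other users logon tokens", which is missing the possessive apostrophe: "other users' logon tokens". The `Inject-LogonCredentials` description opens with the imperative "Create logons" while the neighbouring entries use third person ("Lists", "Creates", "Copies"); suggest "Creates logons with clear-text credentials ..." for consistency.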