Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -72,6 +72,10 @@ An in-memory and on-disk PE parsing utility. Displays information about one or more Windows object files. +#### `Get-LibSymbols` + +Displays symbolic information from Windows lib files. + #### `Get-DllLoadPath` Returns the path from which Windows will load a Dll for the given executable. @@ -140,6 +144,14 @@ Locates single Byte AV signatures utilizing the same method as DSplit from "clas **All your data belong to me!** +#### `Invoke-NinjaCopy` + +Copies a file from an NTFS partitioned volume by reading the raw volume and parsing the NTFS structures. + +#### `Invoke-Mimikatz` + +Reflectively loads Mimikatz 1.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz. + #### `Get-Keystrokes` Logs keys pressed, time and the active window. @@ -211,7 +223,7 @@ Note: The tools contained within this module were all designed such that they ca * If you want to display relevant debugging information to the screen, use Write-Verbose. The user can always just tack on '-Verbose'. -* Always provide descriptive, comment-based help for every script. Also, be sure to include your name and a BSD 3-Clause license. +* Always provide descriptive, comment-based help for every script. Also, be sure to include your name and a BSD 3-Clause license (unless there are extenuating circumstances that prevent the application of the BSD license). * Make sure all functions follow the proper PowerShell verb-noun agreement. Use Get-Verb to list the default verbs used by PowerShell. |
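Review bot: In the first hunk (@@ -72,6 +72,10 @@), the `Get-LibSymbols` description "Displays symbolic information from Windows lib files." does not say what the function actually outputs. The neighbouring `Get-DllLoadPath` entry states its return value directly ("Returns the path from which Windows will load a Dll"), so name the kind of symbol data displayed here and write the file type as `.lib` so it is not read as a generic "library".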
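Review bot: In the second hunk (@@ -140,6 +144,14 @@), the `Invoke-Mimikatz` entry hard-codes "Mimikatz 1.0" and follows it with two sentence fragments that both start "Can be used". The version in the README will go stale as soon as the embedded binary is updated, so either drop it or point to where the bundled version is recorded, and merge the fragments into one full sentence. In the `Invoke-NinjaCopy` entry, "NTFS partitioned volume" would read better as "NTFS-formatted volume", and the description should say why reading the raw volume matters to the user, since the line as written only describes the mechanism.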
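Review bot: In the third hunk (@@ -211,7 +223,7 @@), the new parenthetical "(unless there are extenuating circumstances that prevent the application of the BSD license)" adds an exception without telling contributors what to do when it applies. As written, a script could ship with no license statement at all. Suggest requiring that the comment-based help still names the license the script is actually under, and give one example of what counts as an extenuating circumstance so the exception is not open-ended.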