| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2013-11-13 | Normalized all scripts to ASCII encoding | mattifestation | 58 | -91/+91 | |
| 2013-11-07 | Get-ILDisassembly now accepts ConstructorInfo objects | mattifestation | 1 | -3/+4 | |
| 2013-11-07 | Get-ILDisassembly now displays metadata tokens. | mattifestation | 2 | -1/+9 | |
| * Having metadata tokens displayed in output helps with reverse engineering because you can pass metadata tokens to System.Reflection.Module.ResolveMember and then easily interact with the member in question. * I also fixed a bug when displaying integer constants. I wasn't doing an endian swap. | |||||
| 2013-11-04 | Merge pull request #19 from clymb3r/master | Matt Graeber | 1 | -2/+2 | |
| Updated Invoke-TokenManipulation help | |||||
| 2013-11-04 | Updated Invoke-TokenManipulation help | clymb3r | 1 | -2/+2 | |
| 2013-11-04 | Added Invoke-TokenManipulation to README.md | mattifestation | 1 | -0/+4 | |
| 2013-11-04 | Merge pull request #18 from clymb3r/master | Matt Graeber | 2 | -1/+1774 | |
| Adding Invoke-TokenManipulation | |||||
| 2013-11-03 | Adding Invoke-TokenManipulation | clymb3r | 2 | -1/+1774 | |
| 2013-11-03 | Fix for hostfiles option in powershell 2 | webstersprodigy | 1 | -2/+2 | |
| 2013-11-03 | Updated usage tip | mattifestation | 1 | -1/+4 | |
| 2013-11-03 | Added a usage tip | mattifestation | 1 | -0/+2 | |
| Added a one-liner for PSv3 that will remove the annoying warnings that are displayed when importing scripts downloaded from the Internet. | |||||
| 2013-11-03 | Slight clarification to license statement | mattifestation | 1 | -1/+1 | |
| 2013-11-03 | Modified license verbiage | mattifestation | 1 | -1/+1 | |
| 2013-11-03 | Added exfil script synopses to README.md | mattifestation | 1 | -0/+8 | |
| Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the readme. | |||||
| 2013-11-03 | Fixed minor logic bug in C type undecorated symbols | mattifestation | 1 | -1/+8 | |
| 2013-11-03 | Added Get-LibSymbols | mattifestation | 4 | -2/+313 | |
| Get-LibSymbols parses Microsoft .lib files and displays decorated and undecorated symbols. | |||||
| 2013-10-23 | Merge pull request #17 from webstersprodigy/portscan-hostlist-fix | Matt Graeber | 1 | -2/+2 | |
| Fix for hostfiles option in powershell 2 | |||||
| 2013-10-22 | Fix for hostfiles option in powershell 2 | webstersprodigy | 1 | -2/+2 | |
| 2013-10-05 | Updated usage tip | mattifestation | 1 | -1/+4 | |
| 2013-10-05 | Added a usage tip | mattifestation | 1 | -0/+2 | |
| Added a one-liner for PSv3 that will remove the annoying warnings that are displayed when importing scripts downloaded from the Internet. | |||||
| 2013-10-05 | Slight clarification to license statement | mattifestation | 1 | -1/+1 | |
| 2013-10-05 | Merge pull request #16 from clymb3r/master | Matt Graeber | 3 | -8/+8 | |
| Switching to ANSI from UTF8 encoding | |||||
| 2013-10-01 | Switching to ANSI from UTF8 encoding | clymb3r | 3 | -8/+8 | |
| Scripts now work in 2008r2. I thought I tested before uploading but something broke somehow... Now the scripts work in 2008r2 and win8+ | |||||
| 2013-10-01 | Modified license verbiage | mattifestation | 1 | -1/+1 | |
| 2013-10-01 | Added exfil script synopses to README.md | mattifestation | 1 | -0/+8 | |
| Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the readme. | |||||
| 2013-10-01 | Merge pull request #15 from clymb3r/master | Matt Graeber | 319 | -1/+29696 | |
| Adding GitIgnore, adding Invoke-NinjaCopy and Invoke-Mimikatz | |||||
| 2013-10-01 | Adding Invoke-Mimikatz and Invoke-Ninjacopy | clymb3r | 318 | -1/+29481 | |
| 2013-10-01 | Adding gitignore file | clymb3r | 1 | -0/+215 | |
| Don't want gigantic ipch files from visual studio (among other useless files) to be uploaded. | |||||
| 2013-10-01 | Merge pull request #14 from clymb3r/master | Matt Graeber | 1 | -2593/+2575 | |
| Fixes for Windows 8.1/.NET 4.5 | |||||
| 2013-09-30 | Fixes for Windows 8.1/.NET 4.5 | clymb3r | 1 | -2593/+2575 | |
| .NET 4.5 introduced breaking changes in the way Marshalling works. Added a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5. | |||||
| 2013-09-30 | Fixed minor logic bug in C type undecorated symbols | mattifestation | 1 | -1/+8 | |
| 2013-09-29 | Added Get-LibSymbols | mattifestation | 4 | -2/+313 | |
| Get-LibSymbols parses Microsoft .lib files and displays decorated and undecorated symbols. | |||||
| 2013-09-04 | Merge pull request #13 from clymb3r/master | Matt Graeber | 1 | -0/+9 | |
| Call to DllMain when unloading reflective DLL | |||||
| 2013-09-03 | Call to DllMain when unloading reflective DLL | clymb3r | 1 | -0/+9 | |
| Prior to this fix, DllMain with the ProessDetach flag was not called when unloading the reflectively loaded DLL. This was causing very weird crashes in the Invoke-NinjaCopy script which is built on this script. This should fix the crash. | |||||
| 2013-08-29 | Added ProcessModuleTrace cmdlets | mattifestation | 4 | -2/+153 | |
| Added *-ProcessModuleTrace cmdlets to trace details when modules are loaded into a process. These can be useful for malware analysis. | |||||
| 2013-08-17 | Explicitly casting types as [Type]v2.2 | Matt Graeber | 2 | -6/+6 | |
| The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type]. | |||||
| 2013-08-17 | Added ps1xml file for Get-ILDisassembly | Matt Graeber | 3 | -3/+46 | |
| Output from Get-ILDisassembly is slightly cleaner. | |||||
| 2013-08-17 | Removing Get-PEArchitecture | Matt Graeber | 3 | -100/+1 | |
| This functionality is present and maintained in Get-PEHeader. | |||||
| 2013-08-17 | Get-Keystrokes now accepts relative paths | Matt Graeber | 1 | -1/+3 | |
| 2013-08-17 | Out-Minidump now provides descriptive output | Matt Graeber | 1 | -2/+2 | |
| Out-Minidump now outputs a FileInfo object (i.e. the same output as Get-ChildItem) upon successfully creating a dump file. | |||||
| 2013-08-17 | Added additional error handling to Get-GPPPassword | Matt Graeber | 1 | -3/+10 | |
| 2013-08-17 | Merge pull request #11 from hajdbo/patch-1 | Matt Graeber | 1 | -2/+2 | |
| added ErrorAction SilentlyContinue to Get-ChildItem | |||||
| 2013-08-16 | Compiler parameters were not applied to Add-Type | Matt Graeber | 1 | -4/+2 | |
| The compiler parameters were not being applied to Add-Type in Get-PEHeader. Derp. This led to unexpected errors when Visual Studio environment variables were defined. | |||||
| 2013-08-12 | added ErrorAction SilentlyContinue to Get-ChildItem | hajdbo | 1 | -2/+2 | |
| Sometimes you will have a denied access to a directory. "ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied. | |||||
| 2013-07-28 | Get-PEHeader can now return raw section data | Matt Graeber | 1 | -7/+45 | |
| 2013-07-28 | Latest version of .NET Framework broke Get-PEHeader | Matt Graeber | 1 | -15/+15 | |
| To fix this, I needed to explicitly cast types in the SizeOf and PtrToStructure methods. | |||||
| 2013-07-11 | Latest version of .NET Framework broke Get-PEB | Matt Graeber | 1 | -12/+12 | |
| To fix this, I needed to explicitly cast types in the SizeOf and PtrToStructure methods. | |||||
| 2013-07-09 | Added Get-ObjDump | Matt Graeber | 4 | -2/+1007 | |
| Get-ObjDump parses and return information about one or more Windows object files. It is similar to dumpbin but it returns objects! | |||||
| 2013-07-06 | Merge pull request #10 from mattifestation/webstersprodigy-Portscan | Matt Graeber | 3 | -2/+1094 | |
| Webstersprodigy portscan | |||||
| 2013-07-06 | Added Invoke-Portscan to README | Matt Graeber | 1 | -0/+4 | |