Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2013-07-03 | Updated Get-GPPPassword | Matt Graeber | 5 | -113/+133 | |
2013-06-30 | Added Get-Keystrokes | Matt Graeber | 3 | -1/+252 | |
Get-Keystrokes is a PowerShell keylogger | |||||
2013-06-08 | New-Object proxy function compatibility fix | Matt Graeber | 1 | -0/+0 | |
I was calling the [Guid]::TryParse method that was only present in .NET 4 so this wasn't working in PowerShell v2. | |||||
2013-06-05 | Forgot to add -Property param to CLSID option | Matt Graeber | 1 | -0/+0 | |
2013-06-05 | Added New-Object proxy function | Matt Graeber | 3 | -1/+5 | |
You can provide a CLSID (i.e. a Guid) to New-Object via the -ComObject parameter in addition to a ProgId. | |||||
2013-06-01 | Type names added to Get-NtSystemInformation | Matt Graeber | 2 | -4/+227 | |
When displaying handle information, you can now filter by and display object type names: Get-NtSystemInformation | |||||
2013-05-31 | Added Invoke-ReflectivePEInjection | Matt Graeber | 56 | -1551/+4246 | |
Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection is a vast improvement over Invoke-ReflectiveDllInjection. It adds the following features: * Now supports loading exe files in memory * Supports reflective dll injection into a remote process * Additional sample Visual Studio solutions | |||||
2013-05-31 | Fixed architecture detection bug in Get-PEB | Matt Graeber | 1 | -1/+1 | |
I was checking processor architecture when I should have been checking OS architecture. | |||||
2013-05-29 | Silly me. Just discovered the SetOffset method. | Matt Graeber | 1 | -77/+75 | |
Thanks @JosephBialek! | |||||
2013-05-25 | ProcessParameters now displays properly | Matt Graeber | 1 | -6/+3 | |
2013-05-24 | Get-PEB now parses _RTL_USER_PROCESS_PARAMETERS | Matt Graeber | 2 | -1/+201 | |
2013-05-18 | "Best practice" improvements to Out-Minidump | Matt Graeber | 1 | -42/+39 | |
2013-05-16 | _SYSTEM_HANDLE_INFORMATION prints as a table now | Matt Graeber | 1 | -34/+56 | |
2013-05-16 | Added _SYSTEM_LOCK_INFORMATION struct | Matt Graeber | 2 | -1/+119 | |
Yet another method of leaking kernel pointers. | |||||
2013-05-15 | Added Out-Minidump | Matt Graeber | 3 | -1/+139 | |
Out-Minidump writes a process dump file with all process memory to disk. This is similar to running procdump.exe with the '-ma' switch. | |||||
2013-05-13 | Cleaned up Get-NtSystemInformation | Matt Graeber | 1 | -2385/+81 | |
* Removed the unnecessary NTSTATUS entries * Used splatting instead of backticks * Fixed a n00b memory management error as well. | |||||
2013-05-13 | Added an idiot filter to Watch-BlueScreen | Matt Graeber | 1 | -3/+7 | |
2013-05-13 | Added Watch-BlueScreen | Matt Graeber | 3 | -1/+79 | |
Causes a blue-screen (bugcheck) to occur. | |||||
2013-05-12 | Object access mask now displays properly | Matt Graeber | 1 | -2/+3 | |
2013-05-12 | Removed duplicate type definition | Matt Graeber | 1 | -15/+0 | |
2013-05-12 | Removed some extraneous comments | Matt Graeber | 1 | -17/+17 | |
2013-05-12 | Added Get-NtSystemInformation | Matt Graeber | 4 | -6/+3431 | |
Get-NtSystemInformation is a wrapper function for NtQuerySystemInformation. It is a swiss-army knife tool for obtaining internal OS information. It can currently be used to query the following: global flags, handles, objects, kernel pool allocations, and loaded kernel modules | |||||
2013-05-12 | Removing Get-KernelModuleInfo | Matt Graeber | 2 | -321/+0 | |
Making way for Get-NtSystemInformation. Loaded kernel module information can be viewed with `Get-NtSystemInformation -ModuleInformation` | |||||
2013-05-12 | Removed test code in Invoke-ShellcodeMSIL | Matt Graeber | 1 | -4/+1 | |
There was some test code at the end of Invoke-ShellcodeMSIL that would cause the function to execute when the script was dotsourced. | |||||
2013-05-10 | Added ConvertTo-String | Matt Graeber | 1 | -0/+70 | |
ConvertTo-String converts the bytes of a file to a string that has a 1-to-1 mapping back to the file's original bytes. ConvertTo-String is useful for performing binary regular expressions. | |||||
2013-05-06 | Merge pull request #3 from garignack/master | Matt Graeber | 1 | -132/+185 | |
Merged Find-AVSignature performance improvements from garignack. Thanks, garignack! | |||||
2013-05-02 | Code cleanup based upon discussion comments | garignack | 1 | -5/+13 | |
Added comment-based help parameter, added additional parameter validation, piped ReadStream.seek command to out-null to prevent output to stdout. | |||||
2013-05-02 | Find-AVSignature Performance Improvements | garignack | 1 | -132/+177 | |
Updated code to use [System.IO.FileStream] class with a buffer (64kb default) to greatly increase performance, especially when handling large files. Updated $EndBytes validation logic to change it to a valid value rather than throw an error. | |||||
2013-04-28 | Added ARM support to Get-PEHeader | Matt Graeber | 2 | -720/+741 | |
Also fixed various pointer width bugs | |||||
2013-04-06 | Adding reflective DLL loading capability | Matt Graeber | 15 | -1/+1960 | |
Adding Invoke-ReflectiveDllInjection. PowerSploit now has reflective DLL loading capabilities!!! Thanks to Joe Bialek @JosephBialek for writing this awesome code! | |||||
2013-04-05 | Adding Invoke-ShellcodeMSIL | Matt Graeber | 3 | -87/+361 | |
Invoke-ShellcodeMSIL executes shellcode without making any Win32 function calls. | |||||
2013-04-05 | Fixed x86 bug in Get-MethodAddress | Matt Graeber | 1 | -110/+119 | |
Get-MethodAddress was not working correctly in 32-bit PowerShell because it was returning a [UInt64] value when it should have been a [UInt32]. This fix will detect if PowerShell is running as 32 or 64-bit and define its return type accordingly. | |||||
2013-04-04 | Adding Persistence module | Matt Graeber | 8 | -284/+1049 | |
2013-03-10 | DownloadFromMSSymbolServer is a better name | Matt Graeber | 1 | -1/+1 | |
2013-03-10 | Fixed export parsing bug in Get-PEHeader | Matt Graeber | 1 | -1/+1 | |
2013-03-10 | Added DownloadEXEFromMSSymbolServer method | Matt Graeber | 1 | -881/+902 | |
After parsing a PE header with Get-PEHeader, you now have the option of downloading the original executable from Microsoft's symbol server for reference/comparison. | |||||
2013-02-17 | Updated 64-32bit conversion logic for Metasploit | bitform | 1 | -2/+2 | |
2013-02-17 | Get-MethodAddress now returns an IntPtr. | bitform | 1 | -3/+1 | |
It previously returned a UInt64. Returning an IntPtr makes more sense. | |||||
2013-01-23 | Removed .git* files | bitform | 2 | -4/+0 | |
They weren't relevant. | |||||
2013-01-21 | Consistency improvements in comment-based help | bitform | 21 | -234/+296 | |
2013-01-20 | PowerSploit is now a respectable module! | bitform | 3 | -31/+150 | |
PowerSploit just got a complete makeover! It is now comprised of a collection of modules grouped by category. | |||||
2013-01-20 | Updated PETools module file list | bitform | 1 | -1/+1 | |
2013-01-20 | Corrections made to usage documentation | bitform | 2 | -2/+2 | |
2013-01-20 | Moved scripts to their respective modules. | bitform | 5 | -1354/+0 | |
2013-01-20 | Added 'AntivirusBypass' Module | bitform | 4 | -0/+218 | |
2013-01-20 | Added 'CodeExecution' Module | bitform | 5 | -0/+1142 | |
* I unfortunately needed to change the names of Inject-Shellcode and Inject-Dll to Invoke-Shellcode and Invoke-DllInjection in order to conform to proper verb naming. | |||||
2013-01-20 | Added 'Exfiltration' Module | bitform | 4 | -0/+199 | |
2013-01-20 | Added 'Recon' Module | bitform | 4 | -0/+199 | |
2013-01-20 | Updated module manifest file listing | bitform | 2 | -2/+2 | |
2013-01-20 | Renamed Usage.txt to Usage.md to apply markdown. | bitform | 3 | -0/+0 | |