| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
|  | Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the readme. | 
|  | Get-LibSymbols parses Microsoft .lib files and displays decorated and undecorated symbols. | 
|  | Scripts now work in 2008r2. I thought I tested before uploading but something broke somehow... Now the scripts work in 2008r2 and win8+ | 
|  | Don't want gigantic ipch files from visual studio (among other useless files) to be uploaded. | 
|  | .NET 4.5 introduced breaking changes in the way Marshalling works. Added a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5. | 
|  | Prior to this fix, DllMain with the ProcessDetach flag was not called when unloading the reflectively loaded DLL. This was causing very weird crashes in the Invoke-NinjaCopy script which is built on this script. This should fix the crash. | 
|  | Added *-ProcessModuleTrace cmdlets to trace details when modules are loaded into a process. These can be useful for malware analysis. | 
|  | The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type]. | 
|  | Output from Get-ILDisassembly is slightly cleaner. | 
|  | This functionality is present and maintained in Get-PEHeader. | 
|  | Out-Minidump now outputs a FileInfo object (i.e. the same output as Get-ChildItem) upon successfully creating a dump file. | 
|  | added ErrorAction SilentlyContinue to Get-ChildItem | 
|  | The compiler parameters were not being applied to Add-Type in Get-PEHeader. Derp. This led to unexpected errors when Visual Studio environment variables were defined. | 
|  | Sometimes you will be denied access to a directory. "ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied. | 
|  | To fix this, I needed to explicitly cast types in the SizeOf and PtrToStructure methods. | 
|  | To fix this, I needed to explicitly cast types in the SizeOf and PtrToStructure methods. | 
|  | Get-ObjDump parses and returns information about one or more Windows object files. It is similar to dumpbin but it returns objects! | 
|  | Webstersprodigy portscan | 
|  | into webstersprodigy-Portscan<br>Conflicts:<br>Recon/Recon.psd1 | 
|  | Get-NtSystemInformation now returns SystemCodeIntegrityInformation - i.e. user-mode code integrity settings. This required reverse engineering a dll that is only present on Windows 8 ARM devices. | 
|  | Bug fix for error handling | 
|  | Fix error handling and various style problems | 
|  | Add checks to terminate script if not running in proper environment. | 
|  | Added checks to ensure that the script is being run on a domain-joined machine and with a domain account. | 
|  | Get-Keystrokes is a PowerShell keylogger | 
|  | See https://github.com/mattifestation/PowerSploit/pull/6#issuecomment-19289063<br>1) I like this feedback a lot and took it.<br>2) I tried going thread only but it got messed up with very large scans. Eventually, I didn't think it was worth the amount of effort to make it reliable with only threads<br>3) Tried to do this<br>4) Did this<br>5) I like the idea in general and I took this one place (top-ports), but not for the two examples you gave. The reasoning is, I want people to be able to specify various options and arrays aren't that flexible. For example, I want people to specify a port list like "80,90,8080-8090". Similar with CIDR, since that's one option, but they could also be specifying hostnames e.g. "google.com,192.168.1.1/24,10.0.0.1" | 
|  | I was calling the [Guid]::TryParse method that was only present in .NET 4 so this wasn't working in PowerShell v2. | 
|  | You can provide a CLSID (i.e. a Guid) to New-Object via the -ComObject parameter in addition to a ProgId. | 
|  | When displaying handle information, you can now filter by and display object type names: Get-NtSystemInformation | 
|  | Another awesome addition from Joe Bialek. Invoke-ReflectivePEInjection is a vast improvement over Invoke-ReflectiveDllInjection. It adds the following features:<br>* Now supports loading exe files in memory<br>* Supports reflective dll injection into a remote process<br>* Additional sample Visual Studio solutions | 
|  | I was checking processor architecture when I should have been checking OS architecture. | 
|  | Thanks @JosephBialek! |