Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2014-01-11 | Merge pull request #25 from clymb3r/master | Matt Graeber | 1 | -32/+142 | |
Bug fixes for Invoke-TokenManipulation | |||||
2014-01-10 | Bug fixes for Invoke-TokenManipulation | clymb3r | 1 | -32/+142 | |
Processes could not be started when the script was being run from Session 0. The fix is to use the CreateProcessAsUserW function when running in Session 0. This API requires SeAssignPrimaryTokenPrivilege privilege, so for non-session0 calls I still use CreateProcessWithTokenW which does not require special privileges. | |||||
2014-01-04 | Updated usage documentation | mattifestation | 1 | -2/+3 | |
2014-01-04 | Updated C# Capstone binding to latest version | mattifestation | 1 | -0/+0 | |
2014-01-01 | Fixes #23 - $Password was not being cleared | mattifestation | 1 | -0/+1 | |
2013-12-26 | Adding 64-bit lib file | mattifestation | 2 | -1/+0 | |
2013-12-26 | Major update to Capstone disassembly module | mattifestation | 4 | -16/+13 | |
* Refactor of C# capstone binding * Now compatible in 32 and 64-bit PowerShell | |||||
2013-12-22 | Added Capstone Engine PowerShell binding | mattifestation | 10 | -0/+266 | |
Consider this to be an alpha release until the C# binding is published. | |||||
2013-11-18 | Added Inject-LogonCredentials to README | mattifestation | 1 | -0/+4 | |
2013-11-18 | Merge pull request #21 from clymb3r/master | Matt Graeber | 18 | -1/+4428 | |
Adding Inject-LogonCredentials | |||||
2013-11-17 | Adding Inject-LogonCredentials | clymb3r | 18 | -1/+4428 | |
2013-11-13 | Normalized all scripts to ASCII encoding | mattifestation | 58 | -91/+91 | |
2013-11-07 | Get-ILDisassembly now accepts ConstructorInfo objects | mattifestation | 1 | -3/+4 | |
2013-11-07 | Get-ILDisassembly now displays metadata tokens. | mattifestation | 2 | -1/+9 | |
* Having metadata tokens displayed in output helps with reverse engineering because you can pass metadata tokens to System.Reflection.Module.ResolveMember and then easily interact with the member in question. * I also fixed a bug when displaying integer constants. I wasn't doing an endian swap. | |||||
2013-11-04 | Merge pull request #19 from clymb3r/master | Matt Graeber | 1 | -2/+2 | |
Updated Invoke-TokenManipulation help | |||||
2013-11-04 | Updated Invoke-TokenManipulation help | clymb3r | 1 | -2/+2 | |
2013-11-04 | Added Invoke-TokenManipulation to README.md | mattifestation | 1 | -0/+4 | |
2013-11-04 | Merge pull request #18 from clymb3r/master | Matt Graeber | 2 | -1/+1774 | |
Adding Invoke-TokenManipulation | |||||
2013-11-03 | Adding Invoke-TokenManipulation | clymb3r | 2 | -1/+1774 | |
2013-11-03 | Fix for hostfiles option in powershell 2 | webstersprodigy | 1 | -2/+2 | |
2013-11-03 | Updated usage tip | mattifestation | 1 | -1/+4 | |
2013-11-03 | Added a usage tip | mattifestation | 1 | -0/+2 | |
Added a one-liner for PSv3 that will remove the annoying warnings that are displayed when importing scripts downloaded from the Internet. | |||||
2013-11-03 | Slight clarification to license statement | mattifestation | 1 | -1/+1 | |
2013-11-03 | Modified license verbiage | mattifestation | 1 | -1/+1 | |
2013-11-03 | Added exfil script synopses to README.md | mattifestation | 1 | -0/+8 | |
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the readme. | |||||
2013-11-03 | Fixed minor logic bug in C type undecorated symbols | mattifestation | 1 | -1/+8 | |
2013-11-03 | Added Get-LibSymbols | mattifestation | 4 | -2/+313 | |
Get-LibSymbols parses Microsoft .lib files and displays decorated and undecorated symbols. | |||||
2013-10-23 | Merge pull request #17 from webstersprodigy/portscan-hostlist-fix | Matt Graeber | 1 | -2/+2 | |
Fix for hostfiles option in powershell 2 | |||||
2013-10-22 | Fix for hostfiles option in powershell 2 | webstersprodigy | 1 | -2/+2 | |
2013-10-05 | Updated usage tip | mattifestation | 1 | -1/+4 | |
2013-10-05 | Added a usage tip | mattifestation | 1 | -0/+2 | |
Added a one-liner for PSv3 that will remove the annoying warnings that are displayed when importing scripts downloaded from the Internet. | |||||
2013-10-05 | Slight clarification to license statement | mattifestation | 1 | -1/+1 | |
2013-10-05 | Merge pull request #16 from clymb3r/master | Matt Graeber | 3 | -8/+8 | |
Switching to ANSI from UTF8 encoding | |||||
2013-10-01 | Switching to ANSI from UTF8 encoding | clymb3r | 3 | -8/+8 | |
Scripts now work in 2008r2. I thought I tested before uploading but something broke somehow... Now the scripts work in 2008r2 and win8+ | |||||
2013-10-01 | Modified license verbiage | mattifestation | 1 | -1/+1 | |
2013-10-01 | Added exfil script synopses to README.md | mattifestation | 1 | -0/+8 | |
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the readme. | |||||
2013-10-01 | Merge pull request #15 from clymb3r/master | Matt Graeber | 319 | -1/+29696 | |
Adding GitIgnore, adding Invoke-NinjaCopy and Invoke-Mimikatz | |||||
2013-10-01 | Adding Invoke-Mimikatz and Invoke-Ninjacopy | clymb3r | 318 | -1/+29481 | |
2013-10-01 | Adding gitignore file | clymb3r | 1 | -0/+215 | |
Don't want gigantic ipch files from visual studio (among other useless files) to be uploaded. | |||||
2013-10-01 | Merge pull request #14 from clymb3r/master | Matt Graeber | 1 | -2593/+2575 | |
Fixes for Windows 8.1/.NET 4.5 | |||||
2013-09-30 | Fixes for Windows 8.1/.NET 4.5 | clymb3r | 1 | -2593/+2575 | |
.NET 4.5 introduced breaking changes in the way Marshalling works. Added a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5. | |||||
2013-09-30 | Fixed minor logic bug in C type undecorated symbols | mattifestation | 1 | -1/+8 | |
2013-09-29 | Added Get-LibSymbols | mattifestation | 4 | -2/+313 | |
Get-LibSymbols parses Microsoft .lib files and displays decorated and undecorated symbols. | |||||
2013-09-04 | Merge pull request #13 from clymb3r/master | Matt Graeber | 1 | -0/+9 | |
Call to DllMain when unloading reflective DLL | |||||
2013-09-03 | Call to DllMain when unloading reflective DLL | clymb3r | 1 | -0/+9 | |
Prior to this fix, DllMain with the ProcessDetach flag was not called when unloading the reflectively loaded DLL. This was causing very weird crashes in the Invoke-NinjaCopy script which is built on this script. This should fix the crash. | |||||
2013-08-29 | Added ProcessModuleTrace cmdlets | mattifestation | 4 | -2/+153 | |
Added *-ProcessModuleTrace cmdlets to trace details when modules are loaded into a process. These can be useful for malware analysis. | |||||
2013-08-17 | Explicitly casting types as [Type] v2.2 | Matt Graeber | 2 | -6/+6 | |
The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type]. | |||||
2013-08-17 | Added ps1xml file for Get-ILDisassembly | Matt Graeber | 3 | -3/+46 | |
Output from Get-ILDisassembly is slightly cleaner. | |||||
2013-08-17 | Removing Get-PEArchitecture | Matt Graeber | 3 | -100/+1 | |
This functionality is present and maintained in Get-PEHeader. | |||||
2013-08-17 | Get-Keystrokes now accepts relative paths | Matt Graeber | 1 | -1/+3 | |