| Age | Commit message | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2014-03-21 | Missing File Names | Chris Campbell | 1 | -2/+2 | |
| Added printers.xml and drives.xml to the search. | |||||
| 2014-03-16 | Fixed error in PowerSploit ADS removal one-liner | mattifestation | 1 | -1/+1 | |
| 2014-03-16 | Adding internal recon/privesc privesc functions #40 | mattifestation | 2 | -1/+583 | |
| Added the following recon functions written by Joe Bialek (@JosephBialek): - Find-4648Logons - Find-4624Logons - Find-AppLockerLogs - Find-PSScriptsInPSAppLog - Find-RDPClientConnections - Get-ComputerDetails (Combines all of the above functions into a single function) | |||||
| 2014-03-05 | Bug fix of from v3 XML expanding to $Count | Chris Campbell | 1 | -2/+2 | |
| This bug fix was from @jakxx | |||||
| 2014-03-05 | Update to version 2.4.0 from @jakxx | Chris Campbell | 1 | -3/+14 | |
| Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx | |||||
| 2014-03-01 | Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy | mattifestation | 3 | -1/+157 | |
| 2014-02-23 | Consolidated Persistence module functions into Persistence.psm1 | mattifestation | 5 | -703/+701 | |
| It doesn't make sense to have these as separate ps1 files. | |||||
| 2014-02-23 | #31 Persistence module function nouns are now singular | mattifestation | 5 | -42/+42 | |
| The function names New-UserPersistenceOption and New-ElevatedPersistenceOption now conform to PowerShell naming best practices. | |||||
| 2014-02-21 | Merge pull request #32 from obscuresec/master | Matt Graeber | 1 | -72/+65 | |
| Minor fixes for compatibility between versions | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -3/+3 | |
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1 | |
| 2014-02-21 | Changed the direction of XML parsing | Chris Campbell | 1 | -70/+63 | |
| Used Select-XML to ensure compatibility with v2 | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -1/+1 | |
| Iterate version. | |||||
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -5/+5 | |
| 2014-02-21 | Update Get-GPPPassword.ps1 | Chris Campbell | 1 | -12/+12 | |
| Bug fix of variables. | |||||
| 2014-02-21 | Major Revision of Get-GPPPasswords | mattifestation | 1 | -59/+141 | |
| Thanks @obscuresec! | |||||
| 2014-02-12 | Changed Inject-LogonCredentials name to Invoke-CredentialInjection | mattifestation | 1 | -1/+1 | |
| 2014-02-12 | Merge pull request #28 from clymb3r/master | Matt Graeber | 5 | -3423/+3432 | |
| Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. | |||||
| 2014-02-12 | Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. | clymb3r | 5 | -3423/+3432 | |
| Added a check to ensure the script isn't being run from Session0 with the "NewWinLogon" flag. This flag does not work in Session0 because winlogon.exe tries to load stuff from user32.dll which requires a desktop is present. This is not possible in Session0 because there is no desktop/GUI, so it causes winlogon to load and then immediately close with error code c0000142 indicating a DLL failed to initialize. There is no way to fix this that I know of, if you need to run the script from Session0 use the "ExistingWinLogon" flag. | |||||
| 2014-02-03 | Add Get-Entropy | mattifestation | 3 | -1/+111 | |
| 2014-02-03 | Removed mimikatz. | mattifestation | 289 | -16310/+0 | |
| This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit. | |||||
| 2014-01-30 | Merge pull request #26 from obscuresec/master | Matt Graeber | 1 | -105/+130 | |
| Update Invoke-ReverseDnsLookup.ps1 | |||||
| 2014-01-30 | Update Invoke-ReverseDnsLookup.ps1 | Chris Campbell | 1 | -105/+130 | |
| Added pipeline support and verbose statement. | |||||
| 2014-01-25 | Generate a non-terminating error if there's a binding/framework version mismatch | mattifestation | 2 | -0/+5 | |
| The user should at least be made aware if they're using an unsupported framework library version. | |||||
| 2014-01-25 | Upgraded Capstone framework libs to 2.0 | mattifestation | 2 | -0/+0 | |
| These are the compiled libs straight from http://www.capstone-engine.org/download.html | |||||
| 2014-01-25 | Disable non-standard cmdlet verb checking | mattifestation | 1 | -1/+1 | |
| 2014-01-19 | Capstone.dll returns the correct number of operands now. | mattifestation | 1 | -0/+0 | |
| 2014-01-19 | Capstone module now incorporates framework 2.0RC1 | mattifestation | 10 | -127/+176 | |
| * I also moved the contents of Get-CSDisassembly.ps1 into Capstone.psm1 | |||||
| 2014-01-11 | Merge pull request #25 from clymb3r/master | Matt Graeber | 1 | -32/+142 | |
| Bug fixes for Invoke-TokenManipulation | |||||
| 2014-01-10 | Bug fixes for Invoke-TokenManipulation | clymb3r | 1 | -32/+142 | |
| Processes could not be started when the script was being run from Session 0. The fix is to use the CreateProcessAsUserW function when running in Session 0. This API requires SeAssignPrimaryTokenPrivilege privilege, so for non-session0 calls I still use CreateProcessWithTokenW which does not require special privileges. | |||||
| 2014-01-04 | Updated usage documentation | mattifestation | 1 | -2/+3 | |
| 2014-01-04 | Updated C# Capstone binding to latest version | mattifestation | 1 | -0/+0 | |
| 2014-01-01 | Fixes #23 - $Password was not being cleared | mattifestation | 1 | -0/+1 | |
| 2013-12-26 | Adding 64-bit lib file | mattifestation | 2 | -1/+0 | |
| 2013-12-26 | Major update to Capstone disassembly module | mattifestation | 4 | -16/+13 | |
| * Refactor of C# capstone binding * Now compatible in 32 and 64-bit PowerShell | |||||
| 2013-12-22 | Added Capstone Engine PowerShell binding | mattifestation | 10 | -0/+266 | |
| Consider this to be an alpha release until the C# binding is published. | |||||
| 2013-11-18 | Added Inject-LogonCredentials to README | mattifestation | 1 | -0/+4 | |
| 2013-11-18 | Merge pull request #21 from clymb3r/master | Matt Graeber | 18 | -1/+4428 | |
| Adding Inject-LogonCredentials | |||||
| 2013-11-17 | Adding Inject-LogonCredentials | clymb3r | 18 | -1/+4428 | |
| 2013-11-13 | Normalized all scripts to ASCII encoding | mattifestation | 58 | -91/+91 | |
| 2013-11-07 | Get-ILDisassembly now accepts ConstructorInfo objects | mattifestation | 1 | -3/+4 | |
| 2013-11-07 | Get-ILDisassembly now displays metadata tokens. | mattifestation | 2 | -1/+9 | |
| * Having metadata tokens displayed in output helps with reverse engineering because you can pass metadata tokens to System.Reflection.Module.ResolveMember and then easily interact with the member in question. * I also fixed a bug when displaying integer constants. I wasn't doing an endian swap. | |||||
| 2013-11-04 | Merge pull request #19 from clymb3r/master | Matt Graeber | 1 | -2/+2 | |
| Updated Invoke-TokenManipulation help | |||||
| 2013-11-04 | Updated Invoke-TokenManipulation help | clymb3r | 1 | -2/+2 | |
| 2013-11-04 | Added Invoke-TokenManipulation to README.md | mattifestation | 1 | -0/+4 | |
| 2013-11-04 | Merge pull request #18 from clymb3r/master | Matt Graeber | 2 | -1/+1774 | |
| Adding Invoke-TokenManipulation | |||||
| 2013-11-03 | Adding Invoke-TokenManipulation | clymb3r | 2 | -1/+1774 | |
| 2013-11-03 | Fix for hostfiles option in powershell 2 | webstersprodigy | 1 | -2/+2 | |
| 2013-11-03 | Updated usage tip | mattifestation | 1 | -1/+4 | |
| 2013-11-03 | Added a usage tip | mattifestation | 1 | -0/+2 | |
| Added a one-liner for PSv3 that will remove the annoying warnings that are displayed when importing scripts downloaded from the Internet. | |||||