| Age | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | Make sure System.Core is loaded before creating an AES object. https://github.com/PowerShellMafia/PowerSploit/issues/247 | 
|  | Fix for unable to index into object of type System.Diagnostic.Process on PSv2. | 
|  | This is a fix for https://github.com/PowerShellMafia/PowerSploit/issues/151 | 
|  | Fix for System.InvalidCastException:
https://github.com/PowerShellMafia/PowerSploit/issues/152 | 
|  |  | 
|  | Added -SearchForest to search all reachable domain trust \SYSVOL\'s
Each password is now output as a separate object. | 
|  |  | 
|  |  | 
|  |  | 
|  | Address issue #190 | 
|  | Added ability to specify domain controller to search (-Server parameter) | 
|  | Added default value to parameter and got rid of value check later in the code.
Added validation of -Server value to ensure it is not $Null or an empty string | 
|  |  | 
|  | Invoke-Mimikatz was not not handling functions exported by ordinal.
Thank you @gentilkiwi for the suggested fix! | 
|  | Added the ability for users to specify the domain controller that is searched, using the -Server parameter. The -Server parameter is optional and defaults to the user's current domain if not specified. | 
|  | The parameter type and return types were accidentally transposed. Thanks
@rojaster for pointing this out. | 
|  |  | 
|  | Get-TimedScreenshot now captures the entire screen. The screen
resolution is obtained via WMI. If for some reason that fails, it will
fall back to the old, less ideal method. | 
|  | Fixed the PSv4 dependency for obtaining process ownership information.
Thanks to @mmashwani for suggesting the WMI solution. | 
|  | new Get-Keystrokes | 
|  |  | 
|  |  | 
|  |  | 
|  | account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages. | 
|  |  | 
|  |  | 
|  | Also cleaned up some module manifest cruft. | 
|  | Scripts in a module should not be individually versioned. Only the
module should be versioned. | 
|  | Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility | 
|  | Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit
1b13057](https://github.com/gentilkiwi/mimikatz/commit/1b130574ed78d1d9bf6117b0839056900cb8f816)
This update addresses issue #94. | 
|  | Removed the "EndAddress" parameter set since it was never used. This
should resolve any parameter set confusion. | 
|  |  | 
|  | Incorporates idea from @obscuresec in issue #50. | 
|  |  | 
|  | This reverts commit 5a812ce82361bf65443fc9c545c091e21e98fe80. | 
|  |  | 
|  | Removed 2 unnecessary lines. | 
|  | Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes.  Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function. | 
|  | Fix for multi-processor systems | 
|  | Fix processor architecture detection for multi-processor systems. | 
|  | - Changed Remove-VSC to have a single mandatory parameter (DevicePath)
- Updated New-VSC to check initial state of the VSS Service and return
VSS to its inital state after execution | 
|  |  | 
|  | The column headings in the log file are out of order, e.g.
```
"TypedKey","Time","WindowTitle"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
The "WindowTitle" should be the first column heading like this,
```
"WindowTitle","TypedKey","Time"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
``` | 
|  | Updated to the latest Mimikatz build. Added sanity checks to ensure that
32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz
to fail. | 
|  | Added -PassThru to Invoke-TokenManipulation | 
|  | Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation
adding the -PassThru flag for newly created processes. Version increased
to 1.11. | 
|  |  | 
|  | Package SIDs are now displayed for Win8 apps. Both the package SID and
secret key are requirements for authenticating to Win8 app servers. | 
|  | Displays Windows vault credential objects including cleartext web
credentials. | 
|  | The latest version of Mimikatz fixes a crash that happens on Windows7/8
(and server versions) after installing the latest Windows updates. |