Empire is a PowerShell and Python post-exploitation agent.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

Automation for internal Windows Penetrationtest / AD-Security

Privilege Escalation Enumeration Script for Windows

A collection of scripts for assessing Microsoft Azure security

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world.…

PowerShell script to quickly find missing software patches for local privilege escalation vulnerabilities.

A post-exploitation powershell tool for extracting juicy info from memory.

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment

This is a PowerShell based tool that is designed to act like a RAT. Its interface is that of a shell where any command that is supported is translated into a WMI-equivalent for use on a network/rem…

PowerShell Script to Dump Windows Credentials from the Credential Manager

Fileless web browser information extraction

POC Highlighting Obfuscation Techniques used by FIN threat actors based on cmd.exe's replace functionality and cmd.exe/powershell.exe's stdin command invocation capabilities

Mixing up CVE and MS like a pro