A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

Empire is a PowerShell and Python post-exploitation agent.

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@mandiant.com

My musings with PowerShell

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

Place to store our documentation, code samples, etc for public consumption.

A post-exploitation powershell tool for extracting juicy info from memory.

Threat Pursuit Virtual Machine (VM): A fully customizable, open-sourced Windows-based distribution focused on threat intelligence analysis and hunting designed for intel and malware analysts as wel…

Windows Exploits

A PowerShell script for helping to find vulnerable settings in AD Group Policy. (deprecated, use Grouper2 instead!)

Install WinGet using PowerShell! Prerequisites automatically installed. Works on Windows 10/11 and Server 2019/2022.

Exploit primitives for PowerShell

A PowerShell example of the Windows zero day priv esc

Learn from Casey Smith @subTee

Tweaks to make Windows 10 less annoying and more usable

A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies

The Windows Malware Analysis Reversing Core Tools

A set of demos and a PowerShell module to interact with DotNetInterop.