Discover PowerShell

These scripts will Customize, Debloat and Improve Privacy/Performance and System Responsiveness on Windows 10+.

Win-Debloat-Tools

GitHub Actions runner images

runner-images

A command-line installer for Windows.

Scoop

A clipboard synchronization tool that based on Git.

gcopy

A Project dedicated to making GPU Partitioning on Windows easier!

Easy-GPU-PV

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.

flare-vm

Home repository for .NET Core

core

WSL

Issues found on WSL

A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID

Microsoft-Analyzer-Suite

Windows Local Privilege Escalation Cookbook

Windows-Local-Privilege-Escalation-Cookbook

PowerSploit - A PowerShell Post-Exploitation Framework

PowerSploit

A technique for Active Directory domain persistence

ServerUntrustAccount

Modified Spotify client. Blocks ads and updates, and more.

SpotX

A PowerShell environment for Git

posh-git

Automates changing the host resolution to match the client resolution of Moonlight, with capabilities of supersampling if required

ResolutionAutomation

Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode

sRDI

PowerSharpPack

A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes.

Microsoft-Extractor-Suite

A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

Active-Directory-Exploitation-Cheat-Sheet

Automation for internal Windows Penetrationtest / AD-Security

WinPwn

BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.

BadBlood

PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.

PowerHuntShares

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. [email protected]

commando-vm

selfhosted-apps-docker

Guide by Example

A tool for checking if MFA is enabled on multiple Microsoft Services

MFASweep

Bootstrap disposable Windows VMs configured through a web app

bootloader-crimes

Azure Resource Inventory - It's a Powerful tool to create EXCEL inventory from Azure Resources with low effort

ARI

Amsi Bypass payload that works on Windwos 11

Amsi_Bypass_In_2023

Monitor your PingCastle scans to highlight the rule diff between two scans

PingCastle-Notify

PowerParse

PowerShell PE Parser

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.

MSOLSpray

Extension module for Windows Explorer to render SVG thumbnails, so that you can have an overview of your SVG files

svg-explorer-extension

Ladon大型内网渗透工具，可PowerShell模块化、可CS插件化、可内存加载，无文件扫描。含端口扫描、服务识别、网络资产探测、密码审计、高危漏洞检测、漏洞利用、密码读取以及一键GetShell，支持批量A段/B段/C段以及跨网段扫描，支持URL、主机、域名列表扫描等。Ladon 11.0内置234个功能,网络资产探测模块32个通过多种协议(ICMP\NBT\DNS\MAC\SMB\WMI\SSH\HTTP\HTTPS\Exchange\mssql\FTP\RDP)以及方法快速获取目标网络存活主机IP、计算机名、工作组、共享资源、网卡地址、操作系统版本、网站、子域名、中间件、开放服务、路由器、交换机、数据库、打印机等信息，高危漏洞检测16个含MS17010、Zimbra、Exchange

Ladon

Red Team Attack Lab for TTP testing & research

red_team_attack_lab

Enhance the security and privacy of your Windows 10 and Windows 11 deployments with our fully optimized, hardened, and debloated script. Adhere to industry best practices and Department of Defense STIG/SRG requirements for optimal performance and security.

Windows-Optimize-Harden-Debloat

DeepBlueCLI

Visual Studio IntelliCode - AI-enhanced development tools. 👋Want to submit an issue to MicrosoftDocs/intellicode? If you have a bug or an idea, read the contributing guidelines before opening an issue. For FAQ's see

intellicode

Easily move your WSL distros VHDX file to a new location.

move-wsl

PowerShell AI module. Brings OpenAI to the console and scripts

PSAI

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

PowerUpSQL

Repo for ADACLScan.ps1 - Your number one script for ACL's in Active Directory

ADACLScanner

Powershell module that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. Official Twitter/X account @PersistSniper. Made with ❤️ by @last0x00 and @dottor_morte

PersistenceSniper

📦 The default bucket for Scoop.

Main

Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

vulnerable-AD

This repository is offered for tracking features and issues with Windows Containers. The Windows Containers product team will monitor this repo in order to engage with our community and discuss questions, customer scenarios, or feature requests.

Windows-Containers

yingji

应急相关内容积累

500+ PowerShell scripts (.ps1) for every system!

PowerShell

BadZure orchestrates the setup of Azure AD tenants, populating them with diverse entities while also introducing common security misconfigurations to create vulnerable tenants with multiple attack paths.

BadZure

👻 PwshSpectreConsole is an opinionated wrapper for the awesome Spectre.Console library

PwshSpectreConsole

.NET samples for OpenIddict

openiddict-samples

This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and how they can be mitigated or detected.

AzureAD-Attack-Defense

sudo

It's sudo, for Windows

A PowerShell script to download Windows or UEFI Shell ISOs

Fido

Command line utilities written in Powershell

psutils

PowerShell framework to assess Azure security

PowerZure

Learning PowerShell through test-driven development of games and puzzles

Tiny-PowerShell-Projects

Cloak files using text based steganography output to obsfucate what data they contain. Coded in Powershell. This is a port of TryCatchHCF's Cloakify written in python

Cloakify-Powershell

Scripts for generating diffs of LabVIEW files

labview-git-diff-scripts

Python builds for Actions Runner Images

python-versions

Public repo to sync with security-pr

security

MemProcFS-Analyzer - Automated Forensic Analysis of Windows Memory Dumps for DFIR

MemProcFS-Analyzer

Get-IntuneManagementExtensionDiagnostics script analyzes Intune IME logs and shows events in Timeline

Get-IntuneManagementExtensionDiagnostics

PowerShell Module for the Jamf Classic API

Pwsh-JamfClassicAPI

Weaponizing for privileged file writes bugs with PrintNotify Service

SpoolTrigger

🧲 Soothing pastel theme for qBittorrent

qbittorrent

ProxmoxVE PowerShell module for accessing API like VMware PowerCLI

cv4pve-api-powershell

Some usefull Scripts and Executables for Pentest & Forensics

Creds

The goal of this repository is to document the most common techniques to bypass AppLocker.

UltimateAppLockerByPassList

Install PM2 offline as a service on Windows or Linux. Mostly designed for Windows.

pm2-installer

A mirror of several precompiled standalone red-teaming tools.

binaries

a PowerShell module that allows you to impersonate the currently logged on user, while running PowerShell.exe as system.

RunAsUser

Azure Security Resources and Notes

Azure-Red-Team

Powershell Mimikatz Loader

Invoke-Mimikatz

ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

ADRecon

Repository for the Microsoft Identity Tools PowerShell module which provides various tools for performing enhanced Identity administration activities.

MSIdentityTools

One-click install for WizardLM-13B-Uncensored with oobabooga webui

LLM-WSL2-Docker

scoop-bucket

scoop-buket for pentest

Pretty PowerShell that looks good and functions almost as good as Linux terminal

powershell-profile

🍊 Orange Tsai EventViewer RCE

EventViewer-UACBypass

AutoRest

Powershell script to flip screen orientation horizontal / vertical quick and easy, without using Display settings menu.

Windows-Display-Orientation-Script

PowerShell module to interact with Windows Presentation Foundation (or WPF) controls.

WPFPS

This repo includes PowerShell scripts and VMM service templates for setting up the Microsoft Software Defined Networking (SDN) Stack using Windows Server 2016

SDN

azure-secure-networking-for-devs

Some binaries/scripts that may be useful in red team/pentest exercises

redteam-arsenal

Get-MediaInfo is a PowerShell MediaInfo solution

Get-MediaInfo

dotfiles for Windows, including Developer-minded system defaults. Built in PowerShell

dotfiles-windows

Tools for Xbox Game Streaming

xbox-game-streaming-tools

Tooling to build PHP on Windows

php-windows-builder

Updates the IP address of your Duck DNS domain(s). Intended to be run as a scheduled task.

duckdns-powershell

vdcWorkshop

Get-System-Techniques

Create evergreen Windows image build pipelines with the latest version numbers and download URLs for common applications

evergreen

| Public | Code snippet samples for various operations in the Octopus Deploy REST API

OctopusDeploy-Api

One-click install for StabilityAI's Stable-Diffusion with AUTOMATIC1111's webui

Stable-Diffusion-WSL2-Docker

Timeline of Active Directory changes with replication metadata

ADTimeline

retrieve information via O365 and AzureAD with a valid cred

o365recon

Rules to validate Azure resources and infrastructure as code (IaC) using PSRule.

100

PSRule.Rules.Azure