WMI Classes (detailed)

 

Cmdlets related to local account management in Windows 10

Win32 Classes (Windows)

Windows processes

Windows Post Exploitation Cmdlets Execution (PowerShell)

Presence

This section focuses on information gathering about the victim host and the network that it’s attached to.

System

WMI

Networking

Users

Configs

Finding important files

Files to pull

Remote system access

Software

AutoStart directories


Persistence

This section focuses on gaining a foothold to regain or re-obtain access to a system through means of authentication, backdoors, etc.

Download

Compress or expand ZIP archive

Reg command exit

Deleting logs

Uninstalling software "Antivirus"

Invasive or altering commands

Volatile data acquisition

Posh-SecModule

This module is a PowerShell v3 only module at the moment. The module is a collection of functions that I have found useful in my day to day work as a security professional. The functions are broken into functionality:

  • Discovery: Perform network discovery.
  • Parse: Parsers for Nmap, DNSRecon and other type of output files from security tools.
  • PostExploitation: Functions to help in performing post exploitation tasks.
  • Registry: Collection of functions for manipulating the registry in remote hosts using WMI.
  • Nessus: Collection of assemblies and functions for automating the Nessus Vulnerability Scanner.
  • Utilities: General purpose functions.
  • Audit: Functions that may be useful when performing audit of systems.
  • Database: Functions that are useful when interacting with databases.
  • Shodan: Functions for doing discovery using Shodan using a valid API key.
  • VirusTotal: Functions for Interacting with Virus Total using a valid API key.
  • Metasploit: Functions for automating Metasploit Framework and the commercial version using the XMLRPC API.

Download:

iex (New-Object Net.WebClient).DownloadString("https://gist.github.com/darkoperator/6404266/raw/982cae410fc41f6c64e69d91fc3dda777554f241/gistfile1.ps1")

More information:

https://github.com/darkoperator/Posh-SecMod