cyber-security-resources/windows

Resources for Windows-based Assessments

Tools used for Windows-based Assessments

• PowerShell Empire
• CimSweep
• Responder - A LLMNR, NBT-NS and MDNS poisoner
• BloodHound - Six Degrees of Domain Admin
• AD Control Path - Active Directory Control Paths auditing and graphing tools
• PowerSploit - A PowerShell Post-Exploitation Framework
• PowerView - Situational Awareness PowerShell framework
• PowerSCCM - Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications.
• Empire - PowerShell and Python post-exploitation agent
• Mimikatz - Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets
• UACME - Defeating Windows User Account Control
• Windows System Internals - (Including Sysmon etc.)
• Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
• CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments

Additional Resources

• PaulSec Windows Resource Repository
• Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
• SANS PowerShell Cheat Sheet
• The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.