- Overview on Powershell Execution Policy and how to Bypass it
- How to using Import-Module cmdlet
- How to download and install a module from GitHub repository
- Powershell Scripts Execution in Memory (Download Execute Cradle)
- How to using Test-NetConnection cmdlet
- How to use Get-Context cmdlet
- How to use Invoke-WebRequest
- How to Download Scripts from a Remote HTTP Server
- How to using Invoke-RestMethod cmdlet and Parsing JSON data
- How to Copy file on Remote computer
- How to Upload and Download files from FTP Server
- How to manage ACL permissions using Powershell
- Using Race Toolkit module
- Using Powerview module
- How to run a remote script using SMB protocol
- Using Certutil.exe to download malicious scripts
- Overview WinRM protocol & Powershell Remoting
- Powershell Remoting with Invoke-Command
- Powershell Remoting with Enter-PSSession
- How to use variables, functions and scripts in a remote Powershell session
- Using WMIObject cmdlet for System Gathering information
- Network enumeration and Port Scanning
- SMB enumeration and Testing weak password
- How to using Get-ADDefaultDomainPasswordPolicy
- LDAP Permission and Testing LDAP Connection
- Kerberos and SPN enumeration
- How to use Remote Windows Registry
- How to Remote software installing
- Remote Exploitation with SMB and RPC, WinRM, RDP and WMI
- Powershell Detections (AMSI, CLM, Powershell Logging)
- Overview on Anti-Malware Scan Interface and how to bypass it
- Overview on Powershell Logging and How to Bypass it
- Overview on CLM and How to bypass it
- How to obfuscate strings of parameters
- Obfuscating Powershell cmdlets
- Bypassing AV Signatures for Powershell on Invoke-Mimikatz & PowerUp
- How to create a reversible TCP using Powershell
- How to Create a Schedule Task using Powershell
- Create Local Users and Domain Users
- Managing groups membership Local and Domain
- Payload Generation with MSFvenom
- How to using Invoke-Mimikatz tool
- Collection of credentials using the Mimikatz tool
- How to DUMP the SAM database to extract local passwords
- How to DUMP to NTDS.DIT database to extract domain passwords
- How to DUMP to DSRM password
- How to use DCSync attack
- Brute force Password (Decoding Hashing) with John The Ripper tool
- Abuse Unquoted Service Path
- Abuse Insecure Service Permissions
- Exploring Weak folder permissions