├── EYLR ├── Elevate-YourRightsMan.ps1 ├── Get-BSOD.ps1 ├── Get-FirewallCredential.ps1 ├── Get-MacAfee.ps1 ├── Power-Escalate.ps1 └── tools │ ├── 64unlocked-cmd.exe │ ├── PsExec.exe │ ├── XPunlocked-cmd.exe │ ├── accesschk.exe │ ├── autorunsc.exe │ ├── cmd.dll │ ├── cmd.exe │ ├── instsrv.exe │ ├── lgpbypass.exe │ ├── srvany.exe │ └── uacpoc.exe ├── GAME ├── Demine-TheField.ps1 ├── bufferCommand.txt ├── debugger │ ├── 2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ └── symsrv.dll │ ├── pre2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ └── symsrv.dll │ ├── pre2r2vm │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ ├── symsrv.dll │ │ └── winxp │ │ │ ├── kdexts.dll │ │ │ ├── ks.dll │ │ │ └── nvkd.dll │ └── x64 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ └── symsrv.dll ├── winmine.exe └── winmine.pdb ├── GWMD ├── Wanna-DumpInConstrainedMode.ps1 ├── Wanna-DumpLikeCrazy.ps1 ├── Wanna-DumpLikeMicrosoft.ps1 ├── msdsc.exe ├── serverList.csv └── ud │ ├── x64 │ ├── dbghelp.dll │ └── userdump.exe │ └── x86 │ ├── dbghelp.dll │ └── userdump.exe ├── LICENSE ├── PREZ ├── HackFest2015.pptx └── InfoSecurityEurope2016.pptx ├── PowerMemory.ps1 ├── PowerProcess ├── Get-ProcessAddressByName.ps1 ├── Get-ProcessNameByAddress.ps1 ├── Get-Utilities.ps1 ├── Hide-Me.ps1 ├── Inject-AllPrivilegesInProcess.ps1 ├── Inject-ShellCodeInProcess.ps1 ├── Pass-The-Token.ps1 ├── Protect-Process.ps1 ├── Unhide-Me.ps1 ├── bufferCommand.txt ├── debugger │ ├── 2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ └── symsrv.dll │ ├── pre2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ └── symsrv.dll │ ├── pre2r2vm │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ ├── symsrv.dll │ │ └── winxp │ │ │ ├── kdexts.dll │ │ │ ├── ks.dll │ │ │ └── nvkd.dll │ └── x64 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ └── symsrv.dll ├── start ├── stop ├── x64 │ ├── SymbolCheck.dll │ ├── dbgeng.dll │ ├── dbghelp.dll │ ├── kd.exe │ ├── sym │ │ ├── ntkrnlmp.pdb │ │ │ ├── D09C50A7FE774FA39C3704BEBECCAC2E1 │ │ │ │ └── ntkrnlmp.pdb │ │ │ └── DD08DD42692B43F199A079D60E79D2171 │ │ │ │ └── ntkrnlmp.pdb │ │ └── pingme.txt │ ├── symsrv.dll │ ├── winext │ │ ├── ext.dll │ │ └── logexts.dll │ └── winxp │ │ ├── exts.dll │ │ └── kdexts.dll └── x86 │ ├── SymbolCheck.dll │ ├── dbgeng.dll │ ├── dbghelp.dll │ ├── kd.exe │ ├── symsrv.dll │ └── winxp │ ├── acpikd.dll │ ├── default.tmf │ ├── exts.dll │ ├── fltkd.dll │ ├── kdexts.dll │ ├── ks.dll │ ├── minipkd.dll │ ├── ndiskd.dll │ ├── ntsdexts.dll │ ├── nvkd.dll │ ├── rpcexts.dll │ ├── scsikd.dll │ ├── system.tmf │ ├── vdmexts.dll │ ├── wmitrace.dll │ ├── wow64exts.dll │ └── wudfext.dll ├── README.md ├── RECON ├── Create-TGSInMemory.ps1 ├── Get-ActiveDirectoryInfo.ps1 ├── Get-FileHashes.exe ├── Scan-SPN.ps1 └── WhiteRabbit.txt ├── RGPPP ├── Get-LocalAdminGPPAccess.ps1 └── test.ps1 ├── RWMC ├── README.md ├── White-Rabbit.ps1 ├── bufferCommand.txt ├── debugger │ ├── 2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ └── symsrv.dll │ ├── pre2r2 │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbghelp.dll │ │ ├── sym │ │ │ └── ntoskrnl.exe │ │ │ │ └── 53085AF2789000 │ │ │ │ └── ntoskrnl.ex_ │ │ └── symsrv.dll │ ├── pre2r2vm │ │ ├── SymbolCheck.dll │ │ ├── cdb.exe │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ ├── symsrv.dll │ │ └── winxp │ │ │ ├── kdexts.dll │ │ │ ├── ks.dll │ │ │ └── nvkd.dll │ └── x64 │ │ ├── SymbolCheck.dll │ │ ├── dbgeng.dll │ │ ├── dbghelp.dll │ │ ├── kd.exe │ │ ├── symsrv.dll │ │ └── winxp │ │ └── kdexts.dll ├── kernel │ └── kernel.ps1 ├── legacyOS │ └── Get-InformationsFromLegacyOS.ps1 ├── local │ └── Dump-Hashes.ps1 ├── logging │ └── Logging.ps1 ├── misc │ ├── Active Directory.vss │ ├── Application.evtx │ ├── Microsoft-Windows-PowerShell%4Operational.evtx │ ├── Security.evtx │ ├── System.evtx │ ├── reverseshell.xml │ ├── symbols14393 │ │ ├── lsasrv.pdb │ │ │ └── 0F5BDA11B3C84450851B289DAC69A45D1 │ │ │ │ └── lsasrv.pdb │ │ ├── lsass.pdb │ │ │ └── 26BFC9FA24704D54BBFB0ED80C83E3C21 │ │ │ │ └── lsass.pdb │ │ └── wdigest.pdb │ │ │ └── 21D25F1A23F54473803A6A5996CD82F01 │ │ │ └── wdigest.pdb │ └── symbols2016TP3 │ │ ├── lsasrv.pdb │ │ └── A62F56DA316A414BBBDEC8E99FFAABDF1 │ │ │ └── lsasrv.pdb │ │ ├── lsass.pdb │ │ └── 853157515AC443249F1E8BCF58DE9A5E1 │ │ │ └── lsass.pdb │ │ └── wdigest.pdb │ │ └── 14AD9FD1DEA649749E939C18154D67E11 │ │ └── wdigest.pdb ├── msdsc.exe ├── snapshot │ └── snapshot.ps1 ├── supportedOS │ └── Get-InformationsFromSupportedOS.ps1 └── utilities │ ├── Crypto.ps1 │ ├── DESX.ps1 │ ├── Decode-FromBase64.ps1 │ ├── Domain.ps1 │ ├── Utils.ps1 │ └── VIP.ps1 └── RWMCRS ├── README.md ├── White-Rabbit.ps1 ├── bufferCommand.txt ├── debugger ├── 2r2 │ ├── SymbolCheck.dll │ ├── cdb.exe │ ├── dbghelp.dll │ └── symsrv.dll ├── pre2r2 │ ├── SymbolCheck.dll │ ├── cdb.exe │ ├── dbghelp.dll │ └── symsrv.dll ├── pre2r2vm │ ├── SymbolCheck.dll │ ├── cdb.exe │ ├── dbgeng.dll │ ├── dbghelp.dll │ ├── symsrv.dll │ └── winxp │ │ ├── kdexts.dll │ │ ├── ks.dll │ │ └── nvkd.dll └── x64 │ ├── SymbolCheck.dll │ ├── dbgeng.dll │ ├── dbghelp.dll │ ├── kd.exe │ ├── symsrv.dll │ └── winxp │ └── kdexts.dll ├── misc ├── Active Directory.vss ├── Application.evtx ├── Microsoft-Windows-PowerShell%4Operational.evtx ├── Security.evtx ├── System.evtx └── symbols2016TP3 │ ├── lsasrv.pdb │ └── A62F56DA316A414BBBDEC8E99FFAABDF1 │ │ └── lsasrv.pdb │ ├── lsass.pdb │ └── 853157515AC443249F1E8BCF58DE9A5E1 │ │ └── lsass.pdb │ └── wdigest.pdb │ └── 14AD9FD1DEA649749E939C18154D67E11 │ └── wdigest.pdb └── msdsc.exe /EYLR/Elevate-YourRightsMan.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/Elevate-YourRightsMan.ps1 -------------------------------------------------------------------------------- /EYLR/Get-BSOD.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/Get-BSOD.ps1 -------------------------------------------------------------------------------- /EYLR/Get-FirewallCredential.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/Get-FirewallCredential.ps1 -------------------------------------------------------------------------------- /EYLR/Get-MacAfee.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/Get-MacAfee.ps1 -------------------------------------------------------------------------------- /EYLR/Power-Escalate.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/Power-Escalate.ps1 -------------------------------------------------------------------------------- /EYLR/tools/64unlocked-cmd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/64unlocked-cmd.exe -------------------------------------------------------------------------------- /EYLR/tools/PsExec.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/PsExec.exe -------------------------------------------------------------------------------- /EYLR/tools/XPunlocked-cmd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/XPunlocked-cmd.exe -------------------------------------------------------------------------------- /EYLR/tools/accesschk.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/accesschk.exe -------------------------------------------------------------------------------- /EYLR/tools/autorunsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/autorunsc.exe -------------------------------------------------------------------------------- /EYLR/tools/cmd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/cmd.dll -------------------------------------------------------------------------------- /EYLR/tools/cmd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/cmd.exe -------------------------------------------------------------------------------- /EYLR/tools/instsrv.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/instsrv.exe -------------------------------------------------------------------------------- /EYLR/tools/lgpbypass.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/lgpbypass.exe -------------------------------------------------------------------------------- /EYLR/tools/srvany.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/srvany.exe -------------------------------------------------------------------------------- /EYLR/tools/uacpoc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/EYLR/tools/uacpoc.exe -------------------------------------------------------------------------------- /GAME/Demine-TheField.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/Demine-TheField.ps1 -------------------------------------------------------------------------------- /GAME/bufferCommand.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/bufferCommand.txt -------------------------------------------------------------------------------- /GAME/debugger/2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /GAME/debugger/2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/2r2/cdb.exe -------------------------------------------------------------------------------- /GAME/debugger/2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/2r2/dbghelp.dll -------------------------------------------------------------------------------- /GAME/debugger/2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/2r2/symsrv.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2/cdb.exe -------------------------------------------------------------------------------- /GAME/debugger/pre2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2/dbghelp.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2/symsrv.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/SymbolCheck.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/cdb.exe -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/dbgeng.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/dbghelp.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/symsrv.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/winxp/kdexts.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/winxp/ks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/winxp/ks.dll -------------------------------------------------------------------------------- /GAME/debugger/pre2r2vm/winxp/nvkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/pre2r2vm/winxp/nvkd.dll -------------------------------------------------------------------------------- /GAME/debugger/x64/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/x64/SymbolCheck.dll -------------------------------------------------------------------------------- /GAME/debugger/x64/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/x64/cdb.exe -------------------------------------------------------------------------------- /GAME/debugger/x64/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/x64/dbgeng.dll -------------------------------------------------------------------------------- /GAME/debugger/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/x64/dbghelp.dll -------------------------------------------------------------------------------- /GAME/debugger/x64/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/debugger/x64/symsrv.dll -------------------------------------------------------------------------------- /GAME/winmine.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/winmine.exe -------------------------------------------------------------------------------- /GAME/winmine.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GAME/winmine.pdb -------------------------------------------------------------------------------- /GWMD/Wanna-DumpInConstrainedMode.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/Wanna-DumpInConstrainedMode.ps1 -------------------------------------------------------------------------------- /GWMD/Wanna-DumpLikeCrazy.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/Wanna-DumpLikeCrazy.ps1 -------------------------------------------------------------------------------- /GWMD/Wanna-DumpLikeMicrosoft.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/Wanna-DumpLikeMicrosoft.ps1 -------------------------------------------------------------------------------- /GWMD/msdsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/msdsc.exe -------------------------------------------------------------------------------- /GWMD/serverList.csv: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/serverList.csv -------------------------------------------------------------------------------- /GWMD/ud/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/ud/x64/dbghelp.dll -------------------------------------------------------------------------------- /GWMD/ud/x64/userdump.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/ud/x64/userdump.exe -------------------------------------------------------------------------------- /GWMD/ud/x86/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/ud/x86/dbghelp.dll -------------------------------------------------------------------------------- /GWMD/ud/x86/userdump.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/GWMD/ud/x86/userdump.exe -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/LICENSE -------------------------------------------------------------------------------- /PREZ/HackFest2015.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PREZ/HackFest2015.pptx -------------------------------------------------------------------------------- /PREZ/InfoSecurityEurope2016.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PREZ/InfoSecurityEurope2016.pptx -------------------------------------------------------------------------------- /PowerMemory.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerMemory.ps1 -------------------------------------------------------------------------------- /PowerProcess/Get-ProcessAddressByName.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Get-ProcessAddressByName.ps1 -------------------------------------------------------------------------------- /PowerProcess/Get-ProcessNameByAddress.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Get-ProcessNameByAddress.ps1 -------------------------------------------------------------------------------- /PowerProcess/Get-Utilities.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Get-Utilities.ps1 -------------------------------------------------------------------------------- /PowerProcess/Hide-Me.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Hide-Me.ps1 -------------------------------------------------------------------------------- /PowerProcess/Inject-AllPrivilegesInProcess.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Inject-AllPrivilegesInProcess.ps1 -------------------------------------------------------------------------------- /PowerProcess/Inject-ShellCodeInProcess.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Inject-ShellCodeInProcess.ps1 -------------------------------------------------------------------------------- /PowerProcess/Pass-The-Token.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Pass-The-Token.ps1 -------------------------------------------------------------------------------- /PowerProcess/Protect-Process.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Protect-Process.ps1 -------------------------------------------------------------------------------- /PowerProcess/Unhide-Me.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/Unhide-Me.ps1 -------------------------------------------------------------------------------- /PowerProcess/bufferCommand.txt: -------------------------------------------------------------------------------- 1 | f ffffe001`697b1f7a L1 0x61 -------------------------------------------------------------------------------- /PowerProcess/debugger/2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/2r2/cdb.exe -------------------------------------------------------------------------------- /PowerProcess/debugger/2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/2r2/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/2r2/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2/cdb.exe -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/cdb.exe -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/dbgeng.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/winxp/kdexts.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/winxp/ks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/winxp/ks.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/pre2r2vm/winxp/nvkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/pre2r2vm/winxp/nvkd.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/x64/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/x64/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/x64/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/x64/cdb.exe -------------------------------------------------------------------------------- /PowerProcess/debugger/x64/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/x64/dbgeng.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/x64/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/debugger/x64/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/debugger/x64/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/start: -------------------------------------------------------------------------------- 1 | pab 2 | -------------------------------------------------------------------------------- /PowerProcess/stop: -------------------------------------------------------------------------------- 1 | pab 2 | -------------------------------------------------------------------------------- /PowerProcess/x64/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/x64/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/dbgeng.dll -------------------------------------------------------------------------------- /PowerProcess/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/x64/kd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/kd.exe -------------------------------------------------------------------------------- /PowerProcess/x64/sym/ntkrnlmp.pdb/D09C50A7FE774FA39C3704BEBECCAC2E1/ntkrnlmp.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/sym/ntkrnlmp.pdb/D09C50A7FE774FA39C3704BEBECCAC2E1/ntkrnlmp.pdb -------------------------------------------------------------------------------- /PowerProcess/x64/sym/ntkrnlmp.pdb/DD08DD42692B43F199A079D60E79D2171/ntkrnlmp.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/sym/ntkrnlmp.pdb/DD08DD42692B43F199A079D60E79D2171/ntkrnlmp.pdb -------------------------------------------------------------------------------- /PowerProcess/x64/sym/pingme.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /PowerProcess/x64/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/x64/winext/ext.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/winext/ext.dll -------------------------------------------------------------------------------- /PowerProcess/x64/winext/logexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/winext/logexts.dll -------------------------------------------------------------------------------- /PowerProcess/x64/winxp/exts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/winxp/exts.dll -------------------------------------------------------------------------------- /PowerProcess/x64/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x64/winxp/kdexts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/SymbolCheck.dll -------------------------------------------------------------------------------- /PowerProcess/x86/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/dbgeng.dll -------------------------------------------------------------------------------- /PowerProcess/x86/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/dbghelp.dll -------------------------------------------------------------------------------- /PowerProcess/x86/kd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/kd.exe -------------------------------------------------------------------------------- /PowerProcess/x86/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/symsrv.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/acpikd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/acpikd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/default.tmf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/default.tmf -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/exts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/exts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/fltkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/fltkd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/kdexts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/ks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/ks.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/minipkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/minipkd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/ndiskd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/ndiskd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/ntsdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/ntsdexts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/nvkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/nvkd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/rpcexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/rpcexts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/scsikd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/scsikd.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/system.tmf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/system.tmf -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/vdmexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/vdmexts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/wmitrace.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/wmitrace.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/wow64exts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/wow64exts.dll -------------------------------------------------------------------------------- /PowerProcess/x86/winxp/wudfext.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/PowerProcess/x86/winxp/wudfext.dll -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/README.md -------------------------------------------------------------------------------- /RECON/Create-TGSInMemory.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RECON/Create-TGSInMemory.ps1 -------------------------------------------------------------------------------- /RECON/Get-ActiveDirectoryInfo.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RECON/Get-ActiveDirectoryInfo.ps1 -------------------------------------------------------------------------------- /RECON/Get-FileHashes.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RECON/Get-FileHashes.exe -------------------------------------------------------------------------------- /RECON/Scan-SPN.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RECON/Scan-SPN.ps1 -------------------------------------------------------------------------------- /RECON/WhiteRabbit.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /RGPPP/Get-LocalAdminGPPAccess.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RGPPP/Get-LocalAdminGPPAccess.ps1 -------------------------------------------------------------------------------- /RGPPP/test.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RGPPP/test.ps1 -------------------------------------------------------------------------------- /RWMC/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/README.md -------------------------------------------------------------------------------- /RWMC/White-Rabbit.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/White-Rabbit.ps1 -------------------------------------------------------------------------------- /RWMC/bufferCommand.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/bufferCommand.txt -------------------------------------------------------------------------------- /RWMC/debugger/2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMC/debugger/2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/2r2/cdb.exe -------------------------------------------------------------------------------- /RWMC/debugger/2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/2r2/dbghelp.dll -------------------------------------------------------------------------------- /RWMC/debugger/2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/2r2/symsrv.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2/cdb.exe -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2/dbghelp.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2/sym/ntoskrnl.exe/53085AF2789000/ntoskrnl.ex_: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2/symsrv.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/cdb.exe -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/dbgeng.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/dbghelp.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/symsrv.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/winxp/kdexts.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/winxp/ks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/winxp/ks.dll -------------------------------------------------------------------------------- /RWMC/debugger/pre2r2vm/winxp/nvkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/pre2r2vm/winxp/nvkd.dll -------------------------------------------------------------------------------- /RWMC/debugger/x64/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMC/debugger/x64/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/dbgeng.dll -------------------------------------------------------------------------------- /RWMC/debugger/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/dbghelp.dll -------------------------------------------------------------------------------- /RWMC/debugger/x64/kd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/kd.exe -------------------------------------------------------------------------------- /RWMC/debugger/x64/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/symsrv.dll -------------------------------------------------------------------------------- /RWMC/debugger/x64/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/debugger/x64/winxp/kdexts.dll -------------------------------------------------------------------------------- /RWMC/kernel/kernel.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/kernel/kernel.ps1 -------------------------------------------------------------------------------- /RWMC/legacyOS/Get-InformationsFromLegacyOS.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/legacyOS/Get-InformationsFromLegacyOS.ps1 -------------------------------------------------------------------------------- /RWMC/local/Dump-Hashes.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/local/Dump-Hashes.ps1 -------------------------------------------------------------------------------- /RWMC/logging/Logging.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/logging/Logging.ps1 -------------------------------------------------------------------------------- /RWMC/misc/Active Directory.vss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/Active Directory.vss -------------------------------------------------------------------------------- /RWMC/misc/Application.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/Application.evtx -------------------------------------------------------------------------------- /RWMC/misc/Microsoft-Windows-PowerShell%4Operational.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/Microsoft-Windows-PowerShell%4Operational.evtx -------------------------------------------------------------------------------- /RWMC/misc/Security.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/Security.evtx -------------------------------------------------------------------------------- /RWMC/misc/System.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/System.evtx -------------------------------------------------------------------------------- /RWMC/misc/reverseshell.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/reverseshell.xml -------------------------------------------------------------------------------- /RWMC/misc/symbols14393/lsasrv.pdb/0F5BDA11B3C84450851B289DAC69A45D1/lsasrv.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols14393/lsasrv.pdb/0F5BDA11B3C84450851B289DAC69A45D1/lsasrv.pdb -------------------------------------------------------------------------------- /RWMC/misc/symbols14393/lsass.pdb/26BFC9FA24704D54BBFB0ED80C83E3C21/lsass.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols14393/lsass.pdb/26BFC9FA24704D54BBFB0ED80C83E3C21/lsass.pdb -------------------------------------------------------------------------------- /RWMC/misc/symbols14393/wdigest.pdb/21D25F1A23F54473803A6A5996CD82F01/wdigest.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols14393/wdigest.pdb/21D25F1A23F54473803A6A5996CD82F01/wdigest.pdb -------------------------------------------------------------------------------- /RWMC/misc/symbols2016TP3/lsasrv.pdb/A62F56DA316A414BBBDEC8E99FFAABDF1/lsasrv.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols2016TP3/lsasrv.pdb/A62F56DA316A414BBBDEC8E99FFAABDF1/lsasrv.pdb -------------------------------------------------------------------------------- /RWMC/misc/symbols2016TP3/lsass.pdb/853157515AC443249F1E8BCF58DE9A5E1/lsass.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols2016TP3/lsass.pdb/853157515AC443249F1E8BCF58DE9A5E1/lsass.pdb -------------------------------------------------------------------------------- /RWMC/misc/symbols2016TP3/wdigest.pdb/14AD9FD1DEA649749E939C18154D67E11/wdigest.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/misc/symbols2016TP3/wdigest.pdb/14AD9FD1DEA649749E939C18154D67E11/wdigest.pdb -------------------------------------------------------------------------------- /RWMC/msdsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/msdsc.exe -------------------------------------------------------------------------------- /RWMC/snapshot/snapshot.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/snapshot/snapshot.ps1 -------------------------------------------------------------------------------- /RWMC/supportedOS/Get-InformationsFromSupportedOS.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/supportedOS/Get-InformationsFromSupportedOS.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/Crypto.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/Crypto.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/DESX.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/DESX.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/Decode-FromBase64.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/Decode-FromBase64.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/Domain.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/Domain.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/Utils.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/Utils.ps1 -------------------------------------------------------------------------------- /RWMC/utilities/VIP.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMC/utilities/VIP.ps1 -------------------------------------------------------------------------------- /RWMCRS/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/README.md -------------------------------------------------------------------------------- /RWMCRS/White-Rabbit.ps1: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/White-Rabbit.ps1 -------------------------------------------------------------------------------- /RWMCRS/bufferCommand.txt: -------------------------------------------------------------------------------- 1 | dw 00007ff9605c5e00 L0 -------------------------------------------------------------------------------- /RWMCRS/debugger/2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/2r2/cdb.exe -------------------------------------------------------------------------------- /RWMCRS/debugger/2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/2r2/dbghelp.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/2r2/symsrv.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2/cdb.exe -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2/dbghelp.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2/symsrv.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/cdb.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/cdb.exe -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/dbgeng.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/dbghelp.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/symsrv.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/winxp/kdexts.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/winxp/ks.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/winxp/ks.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/pre2r2vm/winxp/nvkd.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/pre2r2vm/winxp/nvkd.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/SymbolCheck.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/SymbolCheck.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/dbgeng.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/dbgeng.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/dbghelp.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/dbghelp.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/kd.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/kd.exe -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/symsrv.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/symsrv.dll -------------------------------------------------------------------------------- /RWMCRS/debugger/x64/winxp/kdexts.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/debugger/x64/winxp/kdexts.dll -------------------------------------------------------------------------------- /RWMCRS/misc/Active Directory.vss: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/Active Directory.vss -------------------------------------------------------------------------------- /RWMCRS/misc/Application.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/Application.evtx -------------------------------------------------------------------------------- /RWMCRS/misc/Microsoft-Windows-PowerShell%4Operational.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/Microsoft-Windows-PowerShell%4Operational.evtx -------------------------------------------------------------------------------- /RWMCRS/misc/Security.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/Security.evtx -------------------------------------------------------------------------------- /RWMCRS/misc/System.evtx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/System.evtx -------------------------------------------------------------------------------- /RWMCRS/misc/symbols2016TP3/lsasrv.pdb/A62F56DA316A414BBBDEC8E99FFAABDF1/lsasrv.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/symbols2016TP3/lsasrv.pdb/A62F56DA316A414BBBDEC8E99FFAABDF1/lsasrv.pdb -------------------------------------------------------------------------------- /RWMCRS/misc/symbols2016TP3/lsass.pdb/853157515AC443249F1E8BCF58DE9A5E1/lsass.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/symbols2016TP3/lsass.pdb/853157515AC443249F1E8BCF58DE9A5E1/lsass.pdb -------------------------------------------------------------------------------- /RWMCRS/misc/symbols2016TP3/wdigest.pdb/14AD9FD1DEA649749E939C18154D67E11/wdigest.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/misc/symbols2016TP3/wdigest.pdb/14AD9FD1DEA649749E939C18154D67E11/wdigest.pdb -------------------------------------------------------------------------------- /RWMCRS/msdsc.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/giMini/PowerMemory/HEAD/RWMCRS/msdsc.exe --------------------------------------------------------------------------------