We will use it for enumeration. PowerShell is built on .NET: the engine is actually System.Management.Automation.dll, not just powershell.exe.
Loading a script
- Dot sourcing - give the path of the script
- Import-Module command - can be used for a module or for an entire script
- Get-Command -Module <ModuleName> - lists all commands in that module
Download-execute cradle - fetches and runs scripts remotely
Interacting with AD using PowerShell
- ADSI
- .NET Classes
- Native Executable
- WMI via PowerShell
- Microsoft AD module
Language modes in PowerShell - the AD module only works in CLM (Constrained Language Mode)
Execution Policy is not a security layer - it only prevents accidental execution. Offensive PowerShell is not dead.
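An added example (not from the original notes) that audits the current session for the points above: which automation assembly is hosting PowerShell, the language mode, the execution policy in every scope, and whether the Microsoft ActiveDirectory module is available and how many commands it exposes via Get-Command -Module. The function name and the lab host are assumptions; the module name ActiveDirectory is the real RSAT module.

```powershell
# Added example: summarise the security-relevant state of this PowerShell session.
# Function name and output layout are assumptions; only the ActiveDirectory module name is real.
function Get-SessionSecuritySummary {
    [CmdletBinding()]
    param(
        [string]$ModuleName = 'ActiveDirectory'   # Microsoft AD module shipped with RSAT
    )

    # PowerShell is hosted by System.Management.Automation.dll; show where it was loaded from.
    $automationAssembly = [System.Management.Automation.PSObject].Assembly.Location

    # FullLanguage vs ConstrainedLanguage (CLM). CLM restricts most .NET access, which is
    # why only allowed modules such as the AD module keep working there.
    $languageMode = $ExecutionContext.SessionState.LanguageMode

    # Execution policy is per scope and is not a security boundary; report every scope.
    $policies = Get-ExecutionPolicy -List |
        ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }

    # Check whether the AD module is installed before trying to import it.
    $adModule = Get-Module -ListAvailable -Name $ModuleName | Select-Object -First 1
    $commandCount = 0
    if ($adModule) {
        Import-Module -Name $ModuleName -ErrorAction SilentlyContinue
        # Same as "Get-Command -Module ActiveDirectory" from the notes, counted.
        $commandCount = @(Get-Command -Module $ModuleName).Count
    }

    [pscustomobject]@{
        AutomationAssembly = $automationAssembly
        LanguageMode       = $languageMode
        ExecutionPolicy    = ($policies -join '; ')
        ADModuleAvailable  = [bool]$adModule
        ADModuleVersion    = if ($adModule) { $adModule.Version.ToString() } else { 'n/a' }
        ADCommandCount     = $commandCount
    }
}

Get-SessionSecuritySummary | Format-List
```

Run it in both a FullLanguage and a ConstrainedLanguage session to see that the AD module still imports under CLM while the language mode field changes.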
Load a script from disk

Load remotely

iex is widely abused and hence ms has defenses


We can bypass these

Invisishell

