p0w3rsh3ll
Avoid the Turkish-I problem or the impact of other languages when the module and its function are used in a different culture than en-US?

Steps to reproduce
------------------

Use this post that contains an example
https://oddvar.moe/2018/04/10/persistence-using-globalflags-in-image-file-execution-options-hidden-from-autoruns-exe/

Other examples:
https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f

Steps to reproduce
------------------

See https://www.youtube.com/watch?v=wxmxxgL6Nz8
See https://specterops.io/.../SpecterOps_Subverting_Trust_in_Windows.pdf
See https://github.com/mattifestation/PoCSubjectInterfacePackage
See https://gist.github.com/mattifestation/439720e2379f4bc93f0ed3ce88814b5b
See https://www.youtube.com/watch?v=I3jCGBzMmzw

```powershell
```

Expected behavior
-----------------

List registered trust providers
List registered subject interface packages (SIP)

```none
...
```

Steps to reproduce
------------------

```powershell
dir c:\windows\AppPatch\sysmain.sdb
dir "hklm:\software\microsoft\windows nt\currentversion\appcompatflags\installedsdb"
# Custom databases are stored in:
dir C:\windows\AppPatch\custom
dir c:\windows\AppPatch\AppPatch64\Custom
dir "hklm:\software\microsoft\windows nt\currentversion\appcompatflags\custom"
```

Expected behavior
-----------------

List if any...

Steps to reproduce
------------------

```powershell
Get-DscConfiguration
Get-DscConfigurationStatus
Get-DscLocalConfigurationManager
```

Expected behavior
-----------------

List mof files stored locally?

```none
dir C:\Windows\system32\Configuration\*.mof
```

Actual behavior
---------------

They are not considered as a...


The following article talks about: Background Task Support in WSL
https://blogs.msdn.microsoft.com/commandline/2017/12/04/background-task-support-in-wsl/

Does or will the "Windows Subsystem for Linux" (WSL) provide a persistence mechanism?


Steps to reproduce
------------------

```powershell
Get-PSAutorun -ScheduledTasks | ? { -not($_.Version) } | ogv -PassThru
```

Expected behavior
-----------------

TBD

Actual behavior
---------------

```none
Path : C:\Windows\system32\Tasks\fake name
Item :...
```

Steps to reproduce
------------------

```powershell
Get-PSAutorun -ScheduledTasks | ? { -not($_.Version) } | ogv -PassThru
```

Expected behavior
-----------------

Correct image path

Actual behavior
---------------

```none
Path : C:\Windows\system32\Tasks\Microsoft\SqlServerExtension\SqlServerExtensionPermissionProvider
Item...
```

Steps to reproduce
------------------

```powershell
Path      : C:\Windows\system32\Tasks\\RtkAudUService64_BG
Item      : RtkAudUService64_BG
Category  : Task
Value     : ""C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5d66730f577c60c7\RtkAudUService64.exe"" -background
ImagePath : C:\Windows\system32\.exe
```

Expected behavior
-----------------

Correct ImagePath
