Tools used for Windows-based Assessments
- PowerShell Empire
- CimSweep
- Responder – A LLMNR, NBT-NS and MDNS poisoner
- BloodHound – Six Degrees of Domain Admin
- AD Control Path – Active Directory Control Paths auditing and graphing tools
- PowerSploit – A PowerShell Post-Exploitation Framework
- PowerView – Situational Awareness PowerShell framework
- PowerSCCM – Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications.
- Empire – PowerShell and Python post-exploitation agent
- Mimikatz – Utility to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory but also perform pass-the-hash, pass-the-ticket or build Golden tickets
- UACME – Defeating Windows User Account Control
- Windows System Internals – (Including Sysmon etc.)
- Hardentools – Collection of simple utilities designed to disable a number of “features” exposed by Windows
- CrackMapExec – A swiss army knife for pentesting Windows/Active Directory environments
