Awesome

PoshRandom

A not-at-all-ordered compilation of random security-related powershell scripts. Things land here if I don't know where else to put them ;-)

Here's a snapshot of what's in there at the moment:

• Disable-AMSI: function to disable AMSI for the current process
• Invoke-Rubeus: powershell wrapper for Ghostpack Rubeus by @harmj0y
• Invoke-Profiler: an old AD Recon tool. Propably doesn't work any more - work in progress
• ProcessReparent: contains "Start-ProcessWithFakeParent", which allows you to fake the parent process on a new process you start. Shamelessly copied from the great rasta-mouse.
• ProcessSuspendResume: allows you to invoke "Suspend-Process" and "Resume-Process" (like Process Explorer does to suspend a process)