AMSI bypass methods: https://pentestlaboratories.com/2021/05/17/amsi-bypass-methods/
BloodHound: https://github.com/BloodHoundAD/BloodHound
sharpshooter:https://github.com/mdsecactivebreach/SharpShooter
mimikatz: https://github.com/gentilkiwi/mimikatz
amsibypass:https://github.com/boku7/injectAmsiBypass
OSEP-Code-Snippets:https://github.com/chvancooten/OSEP-Code-Snippets
1. Bypass-CLM, used to break out of PowerShell Constrained Language Mode: https://github.com/calebstewart/bypass-clm
2. Obfuscation tool (neo-ConfuserEx), can be used to obfuscate the Bypass-CLM binary: https://github.com/XenocodeRCE/neo-ConfuserEx
3. ⭐BloodHound: https://github.com/BloodHoundAD/BloodHound
4. ⭐PowerView, domain enumeration: https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
5. PowerUp, local privilege escalation checks: https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1
6. ⭐PPLKiller, used to disable LSA Protection (RunAsPPL): https://github.com/RedCursorSecurityConsulting/PPLKiller
7. Rubeus: https://github.com/GhostPack/Rubeus
8. PrintSpoofer, privilege escalation when the current token holds SeImpersonatePrivilege and the Print Spooler service is running: https://github.com/itm4n/PrintSpoofer
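Before reaching for Bypass-CLM (item 1) or PrintSpoofer (item 8), it is worth confirming their preconditions on the target host. The following pre-flight check is an added example written for these notes; it is not code from any of the linked projects. It assumes a PowerShell session on the target and uses only built-in cmdlets plus `whoami /priv`; the service name `Spooler` is the standard name of the Print Spooler service on Windows.

```powershell
# Added example: pre-flight checks for Bypass-CLM and PrintSpoofer.
# Not part of any linked project. Run inside a PowerShell session on the target.

# 1. Language mode. Bypass-CLM is only needed if this reports ConstrainedLanguage.
$mode = $ExecutionContext.SessionState.LanguageMode
Write-Host "PowerShell language mode: $mode"

# 2. PrintSpoofer prerequisites:
#    (a) SeImpersonatePrivilege listed on the current token (whoami /priv shows
#        it whether its state is Enabled or Disabled; what matters is that it is present)
#    (b) the Print Spooler service ("Spooler") is running
$privOutput = whoami /priv
$hasImpersonate = [bool]($privOutput | Select-String -Pattern 'SeImpersonatePrivilege')
Write-Host "SeImpersonatePrivilege on token: $hasImpersonate"

$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -ne $spooler) {
    Write-Host "Spooler service status: $($spooler.Status)"
} else {
    Write-Host "Spooler service not found on this host"
}

if ($hasImpersonate -and $null -ne $spooler -and $spooler.Status -eq 'Running') {
    Write-Host "PrintSpoofer preconditions met"
} else {
    Write-Host "PrintSpoofer preconditions NOT met (check privilege and spooler state)"
}
```

Both checks work from Constrained Language Mode, since `Get-Service`, `Select-String` and external commands such as `whoami` remain allowed there; only the language-mode query itself tells you whether Bypass-CLM is required.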