Invoke-Mimikatz:credential_theft
Invoke-Expression:code_execution
IEX:code_execution
Invoke-WebRequest:download
DownloadString:download
DownloadFile:download
Net.WebClient:download
Start-BitsTransfer:download
Invoke-Shellcode:code_execution
Invoke-DllInjection:injection
Invoke-ReflectivePEInjection:injection
Invoke-TokenManipulation:privilege_escalation
Get-GPPPassword:credential_theft
Get-Keystrokes:keylogging
Get-TimedScreenshot:surveillance
Get-VaultCredential:credential_theft
Get-ServiceUnquoted:enumeration
Invoke-PowerShellTcp:reverse_shell
Invoke-PowerShellWmi:lateral_movement
Invoke-Obfuscation:evasion
Out-EncodedCommand:evasion
Set-MasterBootRecord:destructive
Invoke-Kerberoast:credential_theft
Invoke-DCShadow:credential_theft
Invoke-DCSync:credential_theft
Invoke-NinjaCopy:credential_theft
Invoke-PSInject:injection
Invoke-SMBExec:lateral_movement
Invoke-WMIExec:lateral_movement
Invoke-PortScan:reconnaissance
Invoke-BloodHound:reconnaissance
Invoke-SharpHound:reconnaissance
New-HoneyHash:deception
Add-Exfiltration:exfiltration
Do-Exfiltration:exfiltration
Invoke-CredentialInjection:credential_theft
Invoke-PsUACme:privilege_escalation
Invoke-Tater:privilege_escalation
Invoke-WScriptBypassUAC:privilege_escalation
Invoke-AllChecks:enumeration
PowerView:reconnaissance
PowerUp:enumeration
Get-System:privilege_escalation
AmsiBypass:evasion
Disable-AV:evasion
nishang:offensive_toolkit
powercat:reverse_shell
