Update malicious_powershell_strings_20250113.csv

Author: nterl0k

lookups/malicious_powershell_strings_20250113.csv

@@ -68,7 +68,6 @@ command,toolkit,match,description,mitre_tactic,mitre_technique,risk_score
 *Execute-OnTime*,Nishang,Execute-OnTime,A backdoor which can execute PowerShell scripts at a given time on a target.,,,
 *Gupt-Backdoor*,Nishang,Gupt-Backdoor,A backdoor which can receive commands and scripts from a WLAN SSID without connecting to it.,,,
 *Add-ScrnSaveBackdoor*,Nishang,Add-ScrnSaveBackdoor,A backdoor which can use Windows screen saver for remote command and script execution.,,,
-*Invoke-ADSBackdoor*,Nishang,Invoke-ADSBackdoor,A backdoor which can use alternate data streams and Windows Registry to achieve persistence.,,,
 *Add-RegBackdoor*,Nishang,Add-RegBackdoor,A backdoor which uses well known Debugger trick to execute payload with Sticky keys and Utilman (Windows key + U).,,,
 *Set-RemoteWMI*,Nishang,Set-RemoteWMI,Modify permissions of DCOM and WMI namespaces to allow access to a non-admin user.,,,
 *Set-RemotePSRemoting*,Nishang,Set-RemotePSRemoting,Modify permissions of PowerShell remoting to allow access to a non-admin user.,,,
@@ -87,11 +86,9 @@ command,toolkit,match,description,mitre_tactic,mitre_technique,risk_score
 *Get-LSASecret*,Nishang,Get-LSASecret,Get LSA Secret from a target.,,,
 *Get-PassHashes*,Nishang,Get-PassHashes,Get password hashes from a target.,,,
 *Get-WLAN-Keys*,Nishang,Get-WLAN-Keys,Get WLAN keys in plain text from a target.,,,
-*Invoke-MimikatzWdigestDowngrade*,Nishang,Invoke-MimikatzWdigestDowngrade,Dump user passwords in plain on Windows 8.1 and Server 2012,,,
 *Keylogger*,Nishang,Keylogger,Log keystrokes from a target.,,,
 *Get-PassHints*,Nishang,Get-PassHints,Get password hints of Windows users from a target.,,,
 *Show-TargetScreen*,Nishang,Show-TargetScreen,Connect back and Stream target screen using MJPEG.,,,
-*Invoke-Mimikatz*,Nishang,Invoke-Mimikatz,Load mimikatz in memory. Updated and with some customisation.,,,
 *Invoke-Mimikittenz*,Nishang,Invoke-Mimikittenz,Extract juicy information from target process (like browsers) memory using regex.,,,
 *Invoke-SSIDExfil*,Nishang,Invoke-SSIDExfil,"Exfiltrate information like user credentials, using WLAN SSID.",,,
 *Invoke-SessionGopher*,Nishang,Invoke-SessionGopher,Identify admin jump-boxes and/or computers used to access Unix machines.,,,
@@ -106,15 +103,13 @@ command,toolkit,match,description,mitre_tactic,mitre_technique,risk_score
 *Invoke-PowerShellTcpOneLineBind*,Nishang,Invoke-PowerShellTcpOneLineBind,Bind version of Invoke-PowerShellTcpOneLine.,,,
 *Invoke-PowerShellUdp*,Nishang,Invoke-PowerShellUdp,An interactive PowerShell reverse connect or bind shell over UDP,,,
 *Invoke-PowerShellUdpOneLine*,Nishang,Invoke-PowerShellUdpOneLine,Stripped down version of Invoke-PowerShellUdp.,,,
-*Invoke-PoshRatHttps*,Nishang,Invoke-PoshRatHttps,Reverse interactive PowerShell over HTTPS.,,,
-*Invoke-PoshRatHttp*,Nishang,Invoke-PoshRatHttp,Reverse interactive PowerShell over HTTP.,,,
+*Invoke-PoshRatHttp*,Nishang,Invoke-PoshRatHttp,Reverse interactive PowerShell over HTTP or HTTPS.,,,
 *Remove-PoshRat*,Nishang,Remove-PoshRat,Clean the system after using Invoke-PoshRatHttps,,,
 *Invoke-PowerShellWmi*,Nishang,Invoke-PowerShellWmi,Interactive PowerShell using WMI.,,,
 *Invoke-PowerShellIcmp*,Nishang,Invoke-PowerShellIcmp,An interactive PowerShell reverse shell over ICMP.,,,
 *Invoke-JSRatRundll*,Nishang,Invoke-JSRatRundll,An interactive PowerShell reverse shell over HTTP using rundll32.exe.,,,
 *Invoke-JSRatRegsvr*,Nishang,Invoke-JSRatRegsvr,An interactive PowerShell reverse shell over HTTP using regsvr32.exe.,,,
 *Add-Exfiltration*,Nishang,Add-Exfiltration,"Add data exfiltration capability to Gmail, Pastebin, a web server, and DNS to any script.",,,
-*Add-Persistence*,Nishang,Add-Persistence,Add reboot persistence capability to a script.,,,
 *Remove-Persistence*,Nishang,Remove-Persistence,Remote persistence added by the Add-Persistence script.,,,
 *Invoke-BadPotato*,PowerSharpPack,Invoke-BadPotato,itm4ns Printspoofer in C#.,,,
 *Invoke-BetterSafetyKatz*,PowerSharpPack,Invoke-BetterSafetyKatz,"Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into memory.",,,
@@ -195,4 +190,4 @@ command,toolkit,match,description,mitre_tactic,mitre_technique,risk_score
 *Invoke-UrbanBishop*,PowerSharpPack,Invoke-UrbanBishop,Creates a local RW section in UrbanBishop and then maps that section as RX into a remote process. Shellcode loading made easy.,,,
 *Invoke-Whisker*,PowerSharpPack,Invoke-Whisker,"Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding Shadow Credentials to the target account.",,,
 *Invoke-WireTap*,PowerSharpPack,Invoke-WireTap,".NET 4.0 Project to interact with video, audio and keyboard hardware.",,,
-*Invoke-winPEAS*,PowerSharpPack,Invoke-winPEAS,Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz,,,
+*Invoke-winPEAS*,PowerSharpPack,Invoke-winPEAS,Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz,,,