KB5035238: Security update for Windows 10, version 1507 and Windows Server 2016 for RSAT: January 31, 2024

KB5035238: Security update for Windows 10, version 1507 and Windows Server 2016 for RSAT: January 31, 2024 Summary This article describes a security update for Windows 10, version 1507 and Windows Server 2016 for Remote Server Administration Tools RSAT. This update resolves the security issues th...

FarsightAD - PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise

FarsightAD is a PowerShell script that aim to help uncovering eventual persistence mechanisms deployed by a threat actor following an Active Directory domain compromise. The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication...

KB5009497: Security update for Windows 10, version 1607 for RSAT: January 11, 2022

KB5009497: Security update for Windows 10, version 1607 for RSAT: January 11, 2022 Summary This article describes a security update for Windows 10, version 1607 for Remote Server Administration Tools RSAT. This update resolves the security issues that are described in the following article:...

GPOZaurr - Group Policy Eater Is A PowerShell Module That Aims To Gather Information About Group Policies

Group Policy Eater is a PowerShell module that aims to gather information about Group Policies but also allows fixing issues that you may find in them. Installing GPOZaurr requires RSAT installed to provide results. If you don't have them you can install them as below. Keep in mind it also instal...

Commando VM — Turn Your Windows Computer Into A Hacking Machine

FireEye today released Commando VM, which according to the company, is a "first of its kind Windows-based security distribution for penetration testing and red teaming." When it comes to the best-operating systems for hackers, Kali Linux is always the first choice for penetration testers and...

ADModule - Microsoft Signed ActiveDirectory PowerShell Module

Microsoft signed DLL for the ActiveDirectory PowerShell module Just a backup for the Microsoft's ActiveDirectory PowerShell module from Server 2016 with RSAT and module installed. The DLL is usually found at this path: C:\Windows\Microsoft.NET\assembly\GAC64\Microsoft.ActiveDirectory.Management a...

Active Directory Reconnaissance: ADRecon

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

Find Vulnerable Settings in AD Group Policy: Grouper

Grouper is a slightly wobbly PowerShell module designed for pentesters and redteamers although probably also useful for sysadmins which sifts through the usually very noisy XML output from the Get-GPOReport cmdlet part of Microsoft’s Group Policy module and identifies all the settings defined in...

KB2693643_RSAT_Identity

RSAT-Identity...

2022_1OOB_RSATInstallCheck

RSATInstallCheck...