Commands/Tools that do not fit elsewhere

Search a directory for SSH private keys

grep -rnE '^\-{5}BEGIN [A-Z0-9]+ PRIVATE KEY\-{5}$' /* 2>/dev/null

Windows Living Off the Land - Quick Reference

Check PowerShell command history for credentials

Get-Content $env:APPDATA\Microsoft\Windows\Powershell\PSReadline\ConsoleHost_history.txt

Downgrade PowerShell to evade Script Block Logging

powershell.exe -version 2

Check for other logged-in users

qwinsta

Check Windows Defender status (CMD)

sc query windefend

Domain and trust enumeration via WMI

wmic ntdomain get Caption,Description,DnsForestName,DomainName,DomainControllerAddress

Dsquery - find users with PASSWD_NOTREQD

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32))" -attr distinguishedName userAccountControl

Dsquery - find Domain Controllers

dsquery * -filter "(userAccountControl:1.2.840.113556.1.4.803:=8192)" -limit 5 -attr sAMAccountName