Invoke-Apex is a PowerShell-based toolkit consisting of a collection of techniques and tradecraft for use in red team, post-exploitation, adversary simulation, or other offensive security tasks. It can also help defenders identify lapses in their processes for detecting “malicious” activity.
I wrote this toolkit with the intention of obtaining a deeper understanding of the techniques in use by real-world adversaries (APTs) while applying similar techniques in my work (Pentesting). I also wanted to create a tool that could act as a starting “point” (hence “Apex”) with regard to post-exploitation of a target system. I’m sure there are some bugs, and some of the code could probably (very likely) be more efficient (I’m not a “developer” by any stretch of the imagination) … but hey, it appears to serve its purpose for the time being. 😉
Any techniques, where applicable, are credited within the source code of the included .ps1 scripts, so thanks to everyone who contributes to offensive/defensive security research! If I forgot to mention or credit a technique to a particular researcher, don’t hesitate to ping me and I’ll add it to the source. For the most part, many of the techniques were derived from Mitre ATT&CK and the LOLBAS projects.
The Mitre ATT&CK Reference component
Each technique or method in the toolkit is mapped back to a Mitre ATT&CK Technique ID where applicable. The techniques, and the modules in which they can be found, can be viewed with the Invoke-MitreReference -Help command.
PS> Invoke-MitreReference -Help
You can also look up which Mitre ATT&CK techniques are in use, and in which modules, by using the -Tid parameter with a Mitre ATT&CK Technique ID as its value:
Listing all available functions
Copyright (c) 2019, SecureMode
All rights reserved.