1. AV bypass with in-memory process hollowing. Just IEX it and load it in memory: https://gist.github.com/qtc-de/1ecc57264c8270f869614ddd12f2f276
  2. For anything related to SQL exploitation: https://github.com/Octoberfest7/OSEP-Tools/tree/main/sql
  3. For CLM bypass: https://github.com/calebstewart/bypass-clm (comment out the AMSI bypass patch code)
  4. AD Enumeration: https://github.com/61106960/adPEAS
  5. Execute BloodHound
  6. Execute LinPEAS and WinPEAS on each machine to extract secrets and other important stuff.
  7. SSH proxy