AS2Go

2026.5.21.1342

AS2Go is an acronym for Attack Scenario To Go.

Minimum PowerShell version

7.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name AS2Go

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name AS2Go

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

HerrHozi

Copyright

Package Details

Author(s)

Holger Zimmermann | zimmermann.holger@live.de

Dependencies

This module has no dependencies.

Release Notes

2026.5.21.957
       - Added Golden Ticket Attack to Phase 12 Domain Persistence.

2026.5.18.1200
       - Added GPO Template modification to Phase 12 Domain Persistence.

v2026.5.7.1034
- Privileged Escalation via ESC1 added.
       - Minor bug fixes and performance improvements.

2026.3.17.1034
- Initial release of AS2Go on PS Gallery.

FileList

AS2Go.nuspec
AS2Go.json
Phases\KillChain.png
Phases\phase_020.html
Phases\step_009.png
Private\Add-TaskElementToFileScheduleTaskXml.ps1
Private\Get-ADUserDetails.ps1
Private\Get-DomainPWDetails.ps1
Private\Get-OSVersion.ps1
Private\Invoke-ADOUPathCheck.ps1
Private\Invoke-NewAS2GoAssets.ps1
Private\New-PasswordSprayAttack.ps1
Private\Set-ASConfig.ps1
Private\Show-PiskelFile.ps1
Private\Test-AccessDirectory.ps1
Public\Invoke-Phase09ReconnaissancePriviledged.ps1
LabSetup\ADCSGoat\ADCSGoat.psm1
LabSetup\PSCertutil\parseModifyFlag.ps1
LabSetup\ADCSGoat\Public\Deploy-AGInfrastructure.ps1
LabSetup\PSCertutil\Research\EnrollmentAgentRights.xml
LabSetup\ADCSGoat\Private\Template\ESC3c1.json
Phases\phase_000.html
Phases\phase_poi.html
Phases\step_010.png
Private\Add-TrusteeToFileGroupsXml.ps1
Private\Get-ADUserNameBasedOnRID.ps1
Private\Get-DomainsInForest.ps1
Private\Get-PriviledgeGroupMember.ps1
Private\Invoke-BackUpShare.ps1
Private\Invoke-NextStep.ps1
Private\New-PrivilegeEscalationRecommendation.ps1
Private\Set-AttackScope.ps1
Private\Show-Syntax.ps1
Private\Test-ADLogon.ps1
Public\Invoke-Phase10AccessSensitiveData.ps1
LabSetup\AdminPC\Create-DA-Tickets.ps1
LabSetup\PSCertutil\parseOfficerRight.ps1
LabSetup\ADCSGoat\Public\Find-AGEnrollmentService.ps1
LabSetup\PSCertutil\Research\EnrollmentAgentRightsFromCertUtil.xml
LabSetup\ADCSGoat\Private\Template\ESC3c1.ps1
AS2Go.piskel
Phases\phase_004.html
Phases\step_000.png
Phases\step_011.png
Private\ChooseADOrganizationalUnit.ps1
Private\Get-Answer.ps1
Private\Get-DomainType.ps1
Private\Get-RandomPassword.ps1
Private\Invoke-DemoAccounts.ps1
Private\Invoke-Output.ps1
Private\New-RandomPassword.ps1
Private\Set-BestDomainController.ps1
Private\Start-ExportDPAPIMasterKey.ps1
Private\Undo-UserManipulation.ps1
Public\Invoke-Phase11ExfiltrateSensitiveData.ps1
LabSetup\AdminPC\Create-Shortcut.ps1
LabSetup\PSCertutil\PSCertutil.psd1
LabSetup\ADCSGoat\Public\Install-ADCSGoat.ps1
LabSetup\PSCertutil\Research\Get-EnrollmentAgentRights.ps1
LabSetup\ADCSGoat\Private\Template\ESC3c1.xml
AS2Go.psd1
Phases\phase_005.html
Phases\step_001.png
Phases\step_012.png
Private\Clear-ExfiltrationFolder.ps1
Private\Get-AS2GoGroups.ps1
Private\Get-FileVersion.ps1
Private\Get-RiskyEnrolledTemplates.ps1
Private\Invoke-DNSZoneUpdate.ps1
Private\Invoke-PassTheTicketAttack.ps1
Private\New-RansomwareAttack.ps1
Private\Set-BreakGlassAccount.ps1
Private\Start-GroupManipulation.ps1
Private\Update-WindowTitle.ps1
Public\Invoke-Phase12DomainCompromisePersistence.ps1
LabSetup\Encryption\AS2Go.pfx
LabSetup\PSCertutil\PSCertutil.psm1
LabSetup\ADCSGoat\Public\New-AGBlankTemplateObject.ps1
LabSetup\PSCertutil\Research\Get-TemplateInfo.ps1
LabSetup\ADCSGoat\Private\Template\ESC3c2.json
AS2Go.psm1
Phases\phase_006.html
Phases\step_002.png
Phases\step_020.png
Private\Confirm-PoSHModuleAvailabliy.ps1
Private\Get-AS2GoSettings.ps1
Private\Get-FolderPath.ps1
Private\Get-RunTime.ps1
Private\Invoke-FakeRansomwarePopUp.ps1
Private\Invoke-PrivilegeEscalationViaESC1.ps1
Private\New-TargetBase.ps1
Private\Set-DenyPermission.ps1
Private\Start-KerberoastingAttack.ps1
Private\Write-Highlight.ps1
Public\Start-AS2GoDemo.ps1
LabSetup\Encryption\preview.html
LabSetup\PSCertutil\README.md
LabSetup\ADCSGoat\Public\Publish-AGCertficateTemplate.ps1
LabSetup\PSCertutil\Research\InterfaceFlags.txt
LabSetup\ADCSGoat\Private\Template\ESC3c2.ps1
README.md
Phases\phase_007.html
Phases\step_003.png
Phases\step_poi.png
Private\Convert-FromDNToCN.ps1
Private\Get-ASConfig.ps1
Private\Get-ForestInfo.ps1
Private\Get-SessionsOnDC.ps1
Private\Invoke-FileEncryption.ps1
Private\Invoke-PrivilegesEscalationViaLocalSystem.ps1
Private\New-UserManipulation.ps1
Private\Set-gPCmachineExtensionNames.ps1
Private\Start-PasswordSprayAttack.ps1
Private\Write-HighlightedCode.ps1
Public\Start-Sandbox.ps1
LabSetup\PSCertutil\certutil.crescendo.config.json
LabSetup\ShareContent\my-passwords.txt
LabSetup\ADCSGoat\Public\Set-AGEnrollmentServiceFullName.ps1
LabSetup\PSCertutil\Research\UnparsedEnrollmentAgentOutputFromCertutil.xml
LabSetup\ADCSGoat\Private\Template\ESC3c2.xml
Setup.md
Phases\phase_007_PtH.html
Phases\step_004.png
Private\Add-ADCSForAS2Go.ps1
Private\Disable-ADOUInheritance.ps1
Private\Get-BestDomainController.ps1
Private\Get-FunctionName.ps1
Private\Get-SYSVOLGPOPerms.ps1
Private\Invoke-ForestOverview.ps1
Private\Invoke-VerifyConfiguration.ps1
Private\Request-PfxWithCertify.ps1
Private\Set-HoneyToken.ps1
Private\Start-Phase10DataAccess.ps1
Private\Write-Log.ps1
Tools\AS2Go-Tools_v2.7z
LabSetup\PSCertutil\parseAuditFilter.ps1
LabSetup\ShareContent\ntds.dit
LabSetup\ADCSGoat\Public\Set-AGTemplateAce.ps1
LabSetup\ADCSGoat\Private\Template\ESC1.json
LabSetup\ADCSGoat\Private\Template\ESC4.json
LabSetup\AS2Go-DemoUsers.csv
Phases\phase_007_PtT.html
Phases\step_005.png
Private\Add-ASConfig.ps1
Private\Get-ADCSCertficateTemplates.ps1
Private\Get-BreakGlassAccount.ps1
Private\Get-GPOLinkedOnDomain.ps1
Private\Get-TieringAssets.ps1
Private\Invoke-GoldenTicket.ps1
Private\New-BackDoorUser.ps1
Private\Request-TGTWithRubeus.ps1
Private\Set-NewBackgroundColor.ps1
Private\Start-Phase11DataExfiltration.ps1
Private\_MySandbox.ps1
Tools\AS2Go-Tools_v2.zip
LabSetup\PSCertutil\parseCAAdministrator.ps1
LabSetup\thumbnailPhotos\AS2Go-admin.jpg
LabSetup\ADCSGoat\Public\Set-AGTemplateProperty.ps1
LabSetup\ADCSGoat\Private\Template\ESC1.ps1
LabSetup\ADCSGoat\Private\Template\ESC4.ps1
LabSetup\my-passwords.txt
Phases\phase_008.html
Phases\step_006.png
Private\Add-GPOMemberToBuiltinGroups.ps1
Private\Get-ADCSComponents.ps1
Private\Get-CachedKerberosTicketsClient.ps1
Private\Get-GPOSettings.ps1
Private\Get-UPNSuffix.ps1
Private\Invoke-GroupManipulation.ps1
Private\New-BackUpShare.ps1
Private\Restart-VictimMachines.ps1
Private\Set-NewColorSchema.ps1
Private\Start-Phase12DomainCompromise.ps1
Private\_MyTemplate.ps1
Tools\baretail.exe
LabSetup\PSCertutil\parseCertificateManager.ps1
LabSetup\thumbnailPhotos\AS2Go-helpdesk.jpg
LabSetup\ADCSGoat\Public\Uninstall-ADCSGoat.ps1
LabSetup\ADCSGoat\Private\Template\ESC1.xml
LabSetup\ADCSGoat\Private\Template\ESC4.xml
LabSetup\New-AS2GoOUs.ps1
Phases\phase_009.html
Phases\step_007.png
Private\Add-GPOScheduleTask.ps1
Private\Get-ADCSEnrollmentServices.ps1
Private\Get-ComputerInformation.ps1
Private\Get-Honeytoken.ps1
Private\Get-VulnerableCertificateTemplate.ps1
Private\Invoke-KerberoastingAttack.ps1
Private\New-DemoAccount.ps1
Private\Search-ADGroupMemberShip.ps1
Private\Set-TextMarker.ps1
Private\Start-Reconnaissance.ps1
Public\Initialize-2GoLabConfiguration.ps1
Tools\PsExec.exe
LabSetup\PSCertutil\parseDisableExtensionList.ps1
LabSetup\thumbnailPhotos\AS2Go-victim.jpg
LabSetup\PSCertutil\Research\Convert-EnrollmentAgentBlobToByteArray.ps1
LabSetup\ADCSGoat\Private\Template\ESC2.json
LabSetup\ADCSGoat\Private\Template\ESC9.json
LabSetup\New-AS2GoUsers.ps1
Phases\phase_010.html
Phases\step_007_PtH.png
Private\Add-GPOUserRightAssignments.ps1
Private\Get-ADCSEnterpriseCA.ps1
Private\Get-DCLiveMetrics.ps1
Private\Get-LogonServerFQDN.ps1
Private\Install-ADCSCertificateAuthority.ps1
Private\Invoke-LogDirectory.ps1
Private\New-GpCExtention.ps1
Private\Search-ProcessForAS2GoUsers.ps1
Private\Set-UPNSuffix.ps1
Private\Start-ReconnaissanceExtended.ps1
Public\Invoke-Phase04BruteForceAttack.ps1
Tools\PsExec64.exe
LabSetup\PSCertutil\parseEditFlag.ps1
LabSetup\thumbnailPhotos\AS2Go_BD-User.jpg
LabSetup\PSCertutil\Research\EditFlags.txt
LabSetup\ADCSGoat\Private\Template\ESC2.ps1
LabSetup\ADCSGoat\Private\Template\ESC9.ps1
Phases\AS2Go_BD-User.jpg
Phases\phase_011.html
Phases\step_007_PtT.png
Private\Add-GroupElementToFileGroupsXml.ps1
Private\Get-ADGroupSamAccountNameBasedOnRID.ps1
Private\Get-DemoAccounts.ps1
Private\Get-NumberOfDCs.ps1
Private\Install-ADCSEnrollementServices.ps1
Private\Invoke-MaliciousToolsSetup.ps1
Private\New-GPOManipulation.ps1
Private\Select-ADObject.ps1
Private\Show-DecisionPrompt.ps1
Private\Start-UserManipulation.ps1
Public\Invoke-Phase06Reconnaissance.ps1
Tools\_readme.md
LabSetup\PSCertutil\parseEnrollmentAgent.ps1
LabSetup\ADCSGoat\en-US\about_Build-LocksmithLab.help.txt
LabSetup\PSCertutil\Research\EnrollmentAgentBlobFromCertutil.txt
LabSetup\ADCSGoat\Private\Template\ESC2.xml
LabSetup\ADCSGoat\Private\Template\ESC9.xml
Phases\phase_012.html
Phases\step_008.png
Private\Add-RandomUsersToAccountOperators.ps1
Private\Get-AdminWithSPN.ps1
Private\Get-DirContent.ps1
Private\Get-OSBuild.ps1
Private\Invoke-ADCSSetup.ps1
Private\Invoke-MDITriggers.ps1
Private\New-HoneytokenActivity.ps1
Private\Set-AlternativeAccount.ps1
Private\Show-Phases.ps1
Private\Stop-AS2GoDemo.ps1
Public\Invoke-Phase07PrivilegeEscalation.ps1
LabSetup\ADCSGoat\ADCSGoat.psd1
LabSetup\PSCertutil\parseInterfaceFlag.ps1

Version History

Version	Downloads	Last updated
2026.5.21.1342 (current version)	0	5/21/2026
2026.5.7.1034	12	5/7/2026
2026.5.6.502	6	5/6/2026
2026.5.5.896	2	5/5/2026
2026.5.5.532	5	5/5/2026
2026.3.17.1034	20	3/23/2026