AS2Go

2026.5.5.532

Public/Invoke-Phase12DomainCompromisePersistence.ps1

                                function Invoke-Phase12DomainCompromisePersistence {

    ################################################################################

    #####                                                                      ##### 

    #####    Run the Attack Phase - Domain Compromise & Persistence            #####                               

    #####                                                                      #####

    ################################################################################

    Param (  

        [switch]$UnAttended,

        [switch]$Continue,

        [Switch]$EnableLogging,

        [switch]$SkipImages,

        [switch]$SkipClearHost,

        [switch]$AS2GoDemo,

        [switch]$DelevoperMode

    )

    $CurrentFunction = Get-FunctionName

    Write-Log -Message "### Start Function $CurrentFunction ###"

    $StartRunTime = (Get-Date).ToString($Script:DateFormatLog)

    #################### main code | out- host #####################

    If ($DelevoperMode) {

        $SkipImages = $true

        $SkipClearHost = $true

        $EnableLogging = $true

    }

    If ($SkipSensitiveDataAccess) {

        Write-Log -Message "Skipped Attack Phase - $($Script:Phase12).toupper()"

    }

    else {

        If (-not $SkipClearHost) { Clear-Host }

        If (-not $AS2GoDemo) { 

            Set-NewColorSchema -NewStage $Script:InitialStart

            Get-AS2GoSettings

        }

        Update-WindowTitle -NewTitle $Script:Phase12 

        Set-KeyValue -key "LastStage" -NewValue $Script:Phase12

        If (-not $SkipImages) { Show-Phases -Phase "phase_012.html" }

        $NextStep = "B"

        Set-NewColorSchema -NewStage $Script:InitialStart

        If (-not $SkipClearHost) { Clear-Host }

        Invoke-Output -T Header -M "Attack Phase - $($Script:Phase12.toupper())"

        Invoke-Output -T Bullet "Create a persistent backdoor domain account"

        Invoke-Output -T Bullet "Perform user account manipulation (disable accounts and/or reset passwords)"

        Invoke-Output -T Bullet "Perform Tier 0 group membership manipulation (remove all admins except backdoor and break-glass accounts)"

        Invoke-Output -T Bullet "Tamper with Group Policy Template (GPT) files to push malicious settings"

        Invoke-Output -T Bullet "Encrypt backup files stored on the domain controller"

        Invoke-Output -T Bullet "Export the DPAPI master key for offline decryption of secrets"

        Invoke-Output -T Bullet "Forge a Kerberos Golden Ticket for long-term domain persistence"

        Invoke-Output -T Bullet "Reboot all available machines in the domain"

        If ($UnAttended) {

            $answer = $Yes

        }

        else {

            $answer = Show-DecisionPrompt

        }

        If ($answer -eq $yes) {

            If (-not $AS2GoDemo) { 

                Invoke-ForestOverview 

                Get-ForestInfo 

            }

            Start-Phase12DomainCompromise 

        }

    }

    ######################## main code ############################

    $runtime = Get-RunTime -StartRunTime $StartRunTime

    Write-Log -Message "    Run Time: $runtime [h] ###"

    Write-Log -Message "### End Function $CurrentFunction ###"

}