Jesse
I did a complete re-write. Should be much easier to follow now. https://github.com/secabstraction/PowerCat
If you're on Windows 10, there are system protected processes which can't be accessed from user-space. So even running as Admin won't allow you to open a handle for these...
You might want to make sure that your user account has the SeDebug privilege.
In PowerShell v4 Invoke-Command implements runspace jobbing for you ;) If you're talking about remote collections. It does speed up WMI queries quite effectively though. I know you already have...
Man I hadn't looked at this repo in quite a long time. I tried importing the module and running Trace-ProcessThreads and it worked just fine for me. I will try...