NEBULA
Interactive PowerShell framework for testing WMI, COM, LOLBAS, and persistence techniques. Built for red team testing and defense validation.
git clone https://github.com/MHaggis/NEBULA.git && Import-Module .\NEBULA.psm1 && Invoke-NEBULA ⚠ The Problem
Testing detection coverage for WMI, COM objects, LOLBAS, and persistence techniques requires running multiple separate tools and scripts.
✓ The Solution
NEBULA provides an interactive TUI-based framework that consolidates testing for various attack techniques into a single, easy-to-use interface.
⚡ Impact
Enables defenders to quickly validate their detection coverage across multiple technique categories.
Overview
NEBULA is an interactive PowerShell framework designed for testing detection capabilities around:
- WMI abuse techniques
- COM object manipulation
- LOLBAS (Living Off The Land Binaries and Scripts)
- Persistence mechanisms
Features
- Interactive TUI interface
- Atomic Red Team integration
- Comprehensive technique coverage
- Easy to extend with new tests
Test your detections with NEBULA
Related Modules
LOLRMM
Living Off The Land Remote Monitoring & Management - A curated list of RMM tools abused by adversaries for persistence and lateral movement.
PowerShell-Hunter
PowerShell tools to help defenders hunt smarter, hunt harder. A collection of scripts, queries, and techniques for threat hunting using PowerShell.
Fancy NTLM Relay
Advanced NTLM relay attack toolkit for testing authentication security in Windows environments.