Hackers of India

PowerShell for Penetration Testers

By Nikhil Mittal on 08 Aug 2015 @ Defcon : Packetcapture Village

Abstract

PowerShell has changed the way Windows networks are attacked. It is Microsoft’s shell and scripting language, available by default on all modern Windows computers. It can interact with .NET, WMI, COM, the Windows API, the Registry and other computers on a Windows network. This makes it imperative for penetration testers and red teamers to learn PowerShell. This talk looks at various attacks and tasks performed by penetration testers and red teamers during different phases of an assessment and uses PowerShell to make them easier and much more powerful. Various techniques, such as in-memory shellcode execution from a Word macro, dumping system secrets in plain text, using innovative communication channels, lateral movement, network relays, and using Metasploit payloads without detection, will be discussed.