Meet us at Hacktivity 2015 @Budapest!

August 18 / 2015

PowerShell has gained considerable attention over the past few years in response to increased task automation in the Windows environment. Regardless of PowerShell’s capability to address administrators’ day-to-day operations, it is widely used for penetration testing and even for attacking purposes. Post-exploitation attacks and payloads specifically designed around PowerShell are difficult to prevent once attackers have gained privileged accounts. All of the protections, ranging from control of the Execution Policy, constrained PowerShell endpoints that customize what remote sessions may run, AppLocker rules that allow or deny applications from running, to the control of objects with PSLockdownPolicy in PowerShell V3, could in some way be tampered with or bypassed to run a malicious PowerShell script.

Security monitoring that enables detailed PowerShell event logging can collect useful information whenever PowerShell is invoked, but attackers could find a way to alter or disable that logging through legitimate means. So far no major study exists to corroborate such a conclusion about the defense against PowerShell attacks under these conditions. Until such a study is undertaken or a new feature is introduced, we have built the PowerShade platform, a prototype Python script to observe, capture, and neutralise PowerShell post-exploitation attacks.
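The abstract names the controls a defender relies on (Execution Policy, PSLockdownPolicy, AppLocker, and the PowerShell event logs); the following audit script is an added example, not part of the original post or of PowerShade, that reports the current state of each of those controls on a host. It assumes PowerShell 3.0 or later on Windows and an elevated session for complete results; the function name `Get-PowerShellHardeningState` is ours.

```powershell
# Added example (not from the original post): report the state of the PowerShell
# hardening controls named in the abstract, so a defender can spot one that has
# been weakened or switched off. Assumes PowerShell 3.0+ on Windows, run elevated.
function Get-PowerShellHardeningState {
    [CmdletBinding()]
    param()

    $policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

    # Execution Policy at every scope (MachinePolicy/UserPolicy come from Group Policy).
    $execPolicies = Get-ExecutionPolicy -List

    # PSLockdownPolicy (V3+): the machine-wide __PSLockdownPolicy=4 variable
    # forces ConstrainedLanguage mode; also record the language mode of this session.
    $lockdown     = [Environment]::GetEnvironmentVariable('__PSLockdownPolicy', 'Machine')
    $languageMode = $ExecutionContext.SessionState.LanguageMode

    # Module logging policy (writes event 4103 to Microsoft-Windows-PowerShell/Operational).
    $moduleLogging = Get-ItemProperty -Path "$policyRoot\ModuleLogging" `
        -Name EnableModuleLogging -ErrorAction SilentlyContinue

    # Script block logging policy (PowerShell 5.0+, event 4104); absent on V3/V4.
    $scriptBlockLogging = Get-ItemProperty -Path "$policyRoot\ScriptBlockLogging" `
        -Name EnableScriptBlockLogging -ErrorAction SilentlyContinue

    # AppLocker: count the Script rules in the effective policy, if the module is present.
    $scriptRules = 0
    if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
        $policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
        $scriptRules = ($policy.RuleCollections |
            Where-Object { $_.RuleCollectionType -eq 'Script' } |
            Measure-Object).Count
    }

    # The two event logs that PowerShell monitoring depends on: are they still enabled?
    $logs = Get-WinEvent -ListLog 'Windows PowerShell', 'Microsoft-Windows-PowerShell/Operational' `
        -ErrorAction SilentlyContinue

    [PSCustomObject]@{
        ExecutionPolicy       = ($execPolicies | ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join '; '
        LanguageMode          = $languageMode
        PSLockdownPolicySet   = ($lockdown -eq '4')
        ModuleLoggingEnabled  = ($moduleLogging.EnableModuleLogging -eq 1)
        ScriptBlockLogEnabled = ($scriptBlockLogging.EnableScriptBlockLogging -eq 1)
        AppLockerScriptRules  = $scriptRules
        PowerShellLogsEnabled = ($logs | ForEach-Object { "$($_.LogName)=$($_.IsEnabled)" }) -join '; '
    }
}

Get-PowerShellHardeningState | Format-List
```

Any field that reads false, 0, or shows a log as disabled is a control the abstract warns can be tampered with, and is worth comparing against the baseline pushed by Group Policy.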
