Overview
Explore the world of PowerShell exploitation in this BSidesLV 2015 conference talk. Delve into red teaming, malware motivations, and the offensive potential of PowerShell. Learn about existing technologies, weaponization challenges, and staging problems. Discover the Empire framework's features, including server capabilities, execution methods, listeners, and agent contexts. Examine module development, management techniques, and the powerful Invoke-Mimikatz tool. Witness a live demonstration and discuss detection methods, including memory analysis and Windows 10 considerations. Gain valuable insights into building a robust PowerShell empire for both offensive and defensive purposes.
Syllabus
Intro
First Things First
Red Teaming
Malware Motivations
In Defense of Offense
Why PowerShell
Bad Guys
Existing Tech
The Weaponization Problem
The Staging Problem
Extensibility
Server Features
Methods of Execution
Listeners
Additional Listener Stuff
Empire Staging
In the Agent: Contexts
Modules
Module Development
management/psinject
Invoke-Mimikatz
Demo
Detection
Memory Analysis
Windows 10
Taught by
BSidesLV