Explore a PowerShell SSL MITM script called Interceptor in this 33-minute conference talk from DerbyCon 4. Dive into web privilege escalation, code layout, and key functions such as Invoke-CreateCertificate and Receive-ClientHttpRequest. Learn about server-side operations, response injection techniques, and various script usage scenarios including Host CA and Remote Device Proxy. Gain insights into potential script extensions and understand the speaker's motivations behind building this tool. Conclude with a brief look at its applications in Digital Forensics and Incident Response (#DFIR).
Overview
Syllabus
Web Privilege Escalation
Code Layout
Invoke-CreateCertificate
Receive-ClientHttpRequest
Send-ServerHttpRequest
Receive-HttpServer Response
Response Injection
Script Usage
HostCA
Remote Device Proxy
Script Extensions
#DFIR
What I Wanted To Build...
Thank You
