Explore the potential of PowerShell for cybersecurity professionals in this comprehensive conference talk from ShowMeCon. Delve into PowerShell's growing popularity among hackers, its versatility as more than just a shell, and its powerful cmdlets for discovery, task execution, formatting, and output. Examine PowerShell providers, scripting language features, and the use of objects, variables, arrays, and logic structures. Learn about PowerShell's integration with .NET and COM, and discover how to leverage the Integrated Scripting Environment. Investigate how hackers utilize PowerShell, including techniques like PowerShell Golf and staged approaches. Gain insights into PowerShell's role in exploitation, phishing, and post-exploitation scenarios, as well as its implications for incident response and defense. Conclude with resources for further learning and a Q&A session to deepen your understanding of this powerful post-exploitation language.
Overview
Syllabus
Intro
Ignore InfoSec Hipsters
PowerShell is for hackers
Gaining Popularity
Why learn PowerShell?
PowerShell Malware
Blue is the new black
Not just a shell
Examples of cmdlets (discovery)
Examples of cmdlets (tasks)
Examples of cmdlets (format)
Examples of cmdlets (output)
PowerShell Providers
Scripting Language
Objects vs Strings
Variables
Arrays
Operators
Conditional Logic
Looping Logic
Net and COM
Net Example
COM Example
C# Wrapper
The Power of the Pipeline
Integrated Scripting Environment
Execution Policy
How Hackers Use PowerShell
PowerShell Golf
Playing Golf (continued)
Staged Approach
Base64 Encoding Trick
Execute
PowerShell and Exploitation
PowerShell and Phishing
Post-Exploitation
Incident Response
Detect Persistence
Defense
Searching for MSF's PsExec
Learn More Books
Questions?
