PSAmsi - An Offensive PowerShell Module for Interacting with the Anti Malware Scan Interface
via YouTube
Overview
Syllabus
Introduction
Who am I
My goals
Is Offensive PowerShell Dead Yet?
Offensive PowerShell is not dead yet
Most organizations haven't moved to Windows 10
PowerShell is open source
Matt Graeber
How it works
Why PSAmsi
Demo
PSAmsi scanner class
Find-AmsiSignatures
Example script
Finding signatures
Obfuscation
Obfuscation example
Revoke-Obfuscation
How do we automate this process
Get-MinimallyObfuscated
Client/server architecture
Server side functionality
Invoke-Obfuscation
Limit alerts
Scan find signatures
Obfuscated signatures
Evolving
More languages
Group Policy
Closing remarks
PSAMC
Credits