There is still life for Offensive PowerShell

It is a fact that security controls and detection capabilities against Powershell attacks have been improved during the last years. However, are Powershell attacks still evolving?

Recently, we have read quite a few articles regarding Offensive Powershell:

  1. Invoke-PSImage .  Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file of from the web (when the -Web flag is passed). 
  2. The Invoke-Obfuscation Usage Guide :: Part 1 . Daniel Bohannon provides insights on the lesser-known features of Invoke-Obfuscation. 
  3. The Invoke-Obfuscation Usage Guide :: Part 2 . Daniel Bohannon  elaborates on what to focus  when using Invoke-Obfuscation for both commands and script.
  4. InsecurePowerShell . PowerShell without System.Management.Automation.dll . Ryan Cobb explains how to use the PowerShell without powershell.exe native windows binary as well as with a modified version of System.Management.Automation.dll ! Really interesting stuff. PS> Enjoy! 

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.