Gray Hat PowerShell
Ben Ten
(@Ben0xA)
Slides: http://www.slideshare.net/BenTen0xA
ShowMeCon 2015
About Me
Ben Ten (0xA)
@Ben0xA - twitter
Chicago - #burbsec
Security Consultant at
Developer
PoshSec Framework Creator
Gamer
Geek
Gray Hat PowerShell
ShowMeCon 2015 - Ben Ten (@Ben0xA)
Thank You!
About This Talk
DISCLAIMER!
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec a diam lectus. Sed sit amet ipsum mauris. Maecenas congue ligula ac
quam viverra nec consectetur ante hendrerit. Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue.
Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum
dolor sit amet, consectetur adipiscing elit. Aenean ut gravida lorem. Ut turpis felis, pulvinar a semper sed, adipiscing id dolor.
Pellentesque auctor nisi id magna consequat sagittis. Curabitur dapibus enim sit amet elit pharetra tincidunt feugiat nisl imperdiet.
Ut convallis libero in urna ultrices accumsan. Donec sed odio eros. Donec viverra mi quis quam pulvinar at malesuada arcu rhoncus.
Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In rutrum accumsan ultricies. Mauris vitae
nisi at sem facilisis semper ac in est.
Vivamus fermentum semper porta. Nunc diam velit, adipiscing ut tristique vitae, sagittis vel odio. Maecenas convallis ullamcorper
ultricies. Curabitur ornare, ligula semper consectetur sagittis, nisi diam iaculis velit, id fringilla sem nunc vel mi. Nam dictum, odio
nec pretium volutpat, arcu ante placerat erat, non tristique elit urna et turpis. Quisque mi metus, ornare sit amet fermentum et,
tincidunt et orci. Fusce eget orci a orci congue vestibulum. Ut dolor diam, elementum et vestibulum eu, porttitor vel elit. Curabitur
venenatis pulvinar tellus gravida ornare. Sed et erat faucibus nunc euismod ultricies ut id justo. Nullam cursus suscipit nisi, et
ultrices justo sodales nec. Fusce venenatis facilisis lectus ac semper. Aliquam at massa ipsum. Quisque bibendum purus convallis
nulla ultrices ultricies. Nullam aliquam, mi eu aliquam tincidunt, purus velit laoreet tortor, viverra pretium nisi quam vitae mi. Fusce
vel volutpat elit. Nam sagittis nisi dui.
Yes, I know it's Lorem Ipsum….
DISCLAIMER!
● Please do not use any of these tools, techniques, or code on any system that you do not own or otherwise have permission to use.
● Some of these things can damage systems!
This Talk is Not:
● An introduction to PowerShell
● Able to cover the wide array of techniques and code available in 45 minutes
Practical PowerShell Programming for Professional People
http://ben0xa.com
-or-
https://youtube.com/watch?v=4X_uBL2YpmA
Overview
● Under the .NET Hood
● Offense Tools
● Defense Tools
● Resources
● Q&A
● Hugs – if you want them!
Under the .NET Framework Hood
Before you create any tool, regardless of your intent, you need to understand what you are building your tool upon.
PowerShell sits directly on the Microsoft .NET Framework.
PowerShell is NOT powershell.exe
powershell.exe is just a host application. It hosts the assembly that contains PowerShell (System.Management.Automation.dll) and handles I/O.
Demo
The Code
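# Create an instance of the PowerShell engine inside the current process
$ps = [powershell]::Create()
# Queue a single cmdlet and run it
[void]$ps.AddCommand("Get-ChildItem")
$ps.Invoke()
# Clear the queued command before reusing the instance
$ps.Commands.Clear()
# Queue a multi-statement script and run it
[void]$ps.AddScript("Write-Output `"Hey there ShowMeCon!`"; Get-ChildItem;")
$ps.Invoke()
# Release the engine instance
$ps.Dispose()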
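Because the engine lives in System.Management.Automation.dll rather than in powershell.exe, a defender can inventory every process that has that assembly loaded and compare the result with the hosts that are expected. This added example is not code from the talk; Find-PowerShellHost, the $KnownHosts allow-list and the sample process records are assumptions constructed for illustration.

```powershell
# Added example, not code from the talk. Find-PowerShellHost and $KnownHosts
# are hypothetical names; the allow-list is an assumption to tune locally.

function Find-PowerShellHost {
    [CmdletBinding()]
    param(
        # Process-like objects exposing Id, ProcessName and Modules[].ModuleName
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Process,

        # Host processes that are expected to load the PowerShell engine
        [string[]]$KnownHosts = @('powershell', 'powershell_ise', 'pwsh')
    )
    process {
        foreach ($p in $Process) {
            try {
                # Reading Modules can fail (access denied, process already gone)
                $names = @($p.Modules | ForEach-Object { $_.ModuleName })
            } catch {
                continue
            }

            # Match the engine assembly and its native-image (.ni) variant
            $engine = @($names | Where-Object {
                $_ -match '^System\.Management\.Automation(\.ni)?\.dll$'
            })
            if ($engine.Count -eq 0) { continue }

            [pscustomobject]@{
                Id           = $p.Id
                ProcessName  = $p.ProcessName
                EngineModule = $engine -join ', '
                KnownHost    = $KnownHosts -contains $p.ProcessName
            }
        }
    }
}

# Constructed sample records standing in for Get-Process output
$sample = @(
    [pscustomobject]@{ Id = 4012; ProcessName = 'powershell'
        Modules = @([pscustomobject]@{ ModuleName = 'System.Management.Automation.ni.dll' }) }
    [pscustomobject]@{ Id = 5120; ProcessName = 'AwesomerShell'
        Modules = @([pscustomobject]@{ ModuleName = 'System.Management.Automation.dll' }) }
    [pscustomobject]@{ Id = 612; ProcessName = 'notepad'
        Modules = @([pscustomobject]@{ ModuleName = 'ntdll.dll' }) }
)

# Report only hosts that load the engine but are not on the allow-list
Find-PowerShellHost -Process $sample | Where-Object { -not $_.KnownHost }

# Live system (run elevated to read other users' processes):
# Get-Process | Find-PowerShellHost | Where-Object { -not $_.KnownHost }
```

A point-in-time listing misses short-lived hosts, so pair it with image-load logging for the same DLL names.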
Demo #2
The Code
The AwesomerShell code is available on ben0xa.com
Offense Tools
● PowerSploit
Matt Graeber (@mattifestation)
Chris Campbell (@obscuresec)
● Veil-PowerView / PowerUp
Will Schroeder (@harmj0y)
● Posh-SecMod
Carlos Perez (@darkoperator)
PowerSploit
Add-Persistence
Find-4624Logons
Find-4648Logons
Find-AppLockerLogs
Find-AVSignature
Find-PSScriptsInPSAppLog
Find-RDPClientConnections
Get-ComputerDetails
Get-GPPPassword
Get-HttpStatus
Get-Keystrokes
Get-SecurityPackages
Get-TimedScreenshot
Get-VaultCredential
Get-VolumeShadowCopy
Install-SSP
Invoke-CredentialInjection
Invoke-DllInjection
Invoke-Mimikatz
Invoke-NinjaCopy
Invoke-PortScan
Invoke-ReflectivePEInjection
Invoke-ReverseDNSLookup
Invoke-Shellcode
Invoke-ShellcodeMSIL
Invoke-TokenManipulation
Mount-VolumeShadowCopy
New-ElevatedPersistenceOption
New-UserPersistenceOption
Out-CompressedDll
Out-EncodedCommand
Out-EncryptedScript
Out-Minidump
Remove-Comments
Set-CriticalProcess
Set-MasterBootRecord
STOP!
Invoke-Expression (iex)
Loads Directly in Memory – No Disk I/O
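Code loaded through Invoke-Expression never lands on disk, so the place to look for it is the engine's own script block log rather than the file system. This added example is not code from the talk or from PowerSploit; it assumes PowerShell 5 script block logging (event ID 4104), and Get-WatchedCommand, $WatchList and the sample records are constructed for illustration.

```powershell
# Added example, not code from the talk or from PowerSploit.
# Assumption: script block logging (event ID 4104) is enabled on the endpoints.

# iex plus a subset of the PowerSploit function names listed on the slide above
$WatchList = @(
    'Invoke-Expression', 'iex',
    'Invoke-Mimikatz', 'Invoke-Shellcode', 'Invoke-ReflectivePEInjection',
    'Invoke-DllInjection', 'Invoke-TokenManipulation', 'Get-Keystrokes',
    'Get-GPPPassword', 'Add-Persistence'
)

function Get-WatchedCommand {
    param(
        [Parameter(Mandatory)][string]$ScriptText,
        [string[]]$Names = $WatchList
    )
    # Parse instead of regex-matching, so names that only appear inside
    # comments or string literals are not reported.
    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    $commands = $ast.FindAll({ param($node) $node -is [System.Management.Automation.Language.CommandAst] }, $true)

    foreach ($c in $commands) {
        $name = $c.GetCommandName()
        if (-not $name) {
            # Name is computed at run time; report it for manual review
            $name = '<dynamic>'
        } else {
            # Drop a module qualifier such as Microsoft.PowerShell.Utility\
            $name = ($name -split '\\')[-1]
            if ($Names -notcontains $name) { continue }
        }
        [pscustomobject]@{
            Command = $name
            Line    = $c.Extent.StartLineNumber
            Text    = $c.Extent.Text
        }
    }
}

# Constructed records standing in for parsed 4104 events
$records = @(
    [pscustomobject]@{ Computer = 'WS01'; ScriptBlockText = 'Get-ChildItem C:\Temp' }
    [pscustomobject]@{ Computer = 'WS02'; ScriptBlockText = 'iex $s' }
    [pscustomobject]@{ Computer = 'WS02'; ScriptBlockText = 'Microsoft.PowerShell.Utility\Invoke-Expression $s' }
    [pscustomobject]@{ Computer = 'WS03'; ScriptBlockText = "# Invoke-Mimikatz appears only in a comment and a string`nWrite-Output 'Invoke-Mimikatz'" }
    [pscustomobject]@{ Computer = 'WS04'; ScriptBlockText = 'Invoke-Mimikatz' }
)

foreach ($r in $records) {
    Get-WatchedCommand -ScriptText $r.ScriptBlockText |
        Select-Object @{ n = 'Computer'; e = { $r.Computer } }, Command, Line, Text
}

# Live log (PowerShell 5+), where the script text is the third event property:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { Get-WatchedCommand -ScriptText $_.Properties[2].Value }
```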
Demo #3
Defense Tools
● PoshSec
Matt Johnson (@mwjcomputing)
Ben Ten (@ben0xa)
● Kansa
Dave Hull (@davehull)
● Invoke-IR / PowerForensics
Jared Atkinson (@jaredcatkinson)
Demo #4
Resources
● PowerSploit
https://github.com/mattifestation/PowerSploit
● Veil-PowerView / PowerUp
https://github.com/veil-framework/
● Posh-SecMod
https://github.com/darkoperator/
● PoshSec
https://github.com/poshsec
● Kansa
https://github.com/davehull
● Invoke-IR / PowerForensics
https://github.com/invoke-ir
Q&A
Ben Ten (0xA)
@Ben0xA - twitter
http://ben0xa.com
http://poshsec.com
web@ben0xa.com
Ben0xA – LinkedIn, Github, keybase, etc.
irc.freenode.net
#burbsec, #poshsec, #pssec
http://www.slideshare.net/BenTen0xA


  • 1. Gray Hat PowerShell Ben Ten (@Ben0xA) Slides: http://www.slideshare.net/BenTen0xA ShowMeCon 2015
  • 2. About Me Ben Ten (0xA) @Ben0xA - twitter Chicago - #burbsec Security Consultant at Developer PoshSec Framework Creator Gamer Geek
  • 3. Thank You!
  • 4. Thank You!
  • 5. About Me
  • 6. About Me
  • 7. About This Talk DISCLAIMER!
  • 8. About This Talk DISCLAIMER! Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec a diam lectus. Sed sit amet ipsum mauris. Maecenas congue ligula ac quam viverra nec consectetur ante hendrerit. Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean ut gravida lorem. Ut turpis felis, pulvinar a semper sed, adipiscing id dolor. Pellentesque auctor nisi id magna consequat sagittis. Curabitur dapibus enim sit amet elit pharetra tincidunt feugiat nisl imperdiet. Ut convallis libero in urna ultrices accumsan. Donec sed odio eros. Donec viverra mi quis quam pulvinar at malesuada arcu rhoncus. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. In rutrum accumsan ultricies. Mauris vitae nisi at sem facilisis semper ac in est. Vivamus fermentum semper porta. Nunc diam velit, adipiscing ut tristique vitae, sagittis vel odio. Maecenas convallis ullamcorper ultricies. Curabitur ornare, ligula semper consectetur sagittis, nisi diam iaculis velit, id fringilla sem nunc vel mi. Nam dictum, odio nec pretium volutpat, arcu ante placerat erat, non tristique elit urna et turpis. Quisque mi metus, ornare sit amet fermentum et, tincidunt et orci. Fusce eget orci a orci congue vestibulum. Ut dolor diam, elementum et vestibulum eu, porttitor vel elit. Curabitur venenatis pulvinar tellus gravida ornare. Sed et erat faucibus nunc euismod ultricies ut id justo. Nullam cursus suscipit nisi, et ultrices justo sodales nec. Fusce venenatis facilisis lectus ac semper. Aliquam at massa ipsum. Quisque bibendum purus convallis nulla ultrices ultricies. Nullam aliquam, mi eu aliquam tincidunt, purus velit laoreet tortor, viverra pretium nisi quam vitae mi. Fusce vel volutpat elit. Nam sagittis nisi dui. Yes, I know it's Lorem Ipsum….
  • 9. About This Talk DISCLAIMER! ● Please do not use any of these tools, techniques, or code on any system that you do not own or otherwise have permission to use. ● Some of these things can damage systems!
  • 10. About This Talk This Talk is Not: ● An introduction to PowerShell ● Able to cover the wide array of techniques and code available in 45 minutes
  • 11. About This Talk
  • 12. About This Talk Practical PowerShell Programming for Professional People http://ben0xa.com -or- https://youtube.com/watch?v=4X_uBL2YpmA
  • 13. Overview ● Under the .NET Hood ● Offense Tools ● Defense Tools ● Resources ● Q&A ● Hugs – if you want them!
  • 14. Under the .NET Framework Hood
  • 15. Under the .NET Framework Hood Before you create any tool, regardless of your intent, you need to understand what you are building your tool upon.
  • 16. Under the .NET Framework Hood PowerShell sits directly on Microsoft .NET Framework
  • 17. Under the .NET Framework Hood PowerShell is NOT powershell.exe
  • 18. Under the .NET Framework Hood powershell.exe is just a host application. It hosts the assembly that contains PowerShell and handles I/O. System.Management.Automation.dll
  • 19. Under the .NET Framework Hood
  • 20. Under the .NET Framework Hood Demo
  • 21. Under the .NET Framework Hood
  • 22. Under the .NET Framework Hood
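  • 23. Under the .NET Framework Hood The Code
      # Create a PowerShell engine instance inside the current process
      $ps = [powershell]::Create()
      # Queue a single cmdlet and run it
      $ps.AddCommand("Get-ChildItem")
      $ps.Invoke()
      # Clear the queued commands before reusing the instance
      $ps.Commands.Clear()
      # Queue a multi-statement script and run it
      $ps.AddScript("Write-Output `"Hey there ShowMeCon!`"; Get-ChildItem;")
      $ps.Invoke()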
  • 24. Under the .NET Framework Hood Demo #2
  • 25. Under the .NET Framework Hood
  • 26. Under the .NET Framework Hood The Code The AwesomerShell code is available on ben0xa.com
  • 27. Offense Tools ● PowerSploit Matt Graeber (@mattifestation) Chris Campbell (@obscuresec) ● Veil-PowerView / PowerUp Will Schroeder (@harmj0y) ● Posh-SecMod Carlos Perez (@darkoperator)
  • 28. Offense Tools ● PowerSploit Matt Graeber (@mattifestation) Chris Campbell (@obscuresec) ● Veil-PowerView Will Schroeder (@harmj0y) ● Posh-SecMod Carlos Perez (@darkoperator)
  • 29. PowerSploit Add-Persistence Find-4624Logons Find-4648Logons Find-AppLockerLogs Find-AVSignature Find-PSScriptsInPSAppLog Find-RDPClientConnections Get-ComputerDetails Get-GPPPassword Get-HttpStatus Get-Keystrokes Get-SecurityPackages Get-TimedScreenshot Get-VaultCredential Get-VolumeShadowCopy Install-SSP Invoke-CredentialInjection Invoke-DllInjection Invoke-Mimikatz Invoke-NinjaCopy Invoke-PortScan Invoke-ReflectivePEInjection Invoke-ReverseDNSLookup Invoke-Shellcode Invoke-ShellcodeMSIL Invoke-TokenManipulation Mount-VolumeShadowCopy New-ElevatedPersistenceOption New-UserPersistenceOption Out-CompressedDll Out-EncodedCommand Out-EncryptedScript Out-Minidump Remove-Comments Set-CriticalProcess Set-MasterBootRecord
  • 30. PowerSploit STOP!
  • 31. PowerSploit
  • 32. PowerSploit
  • 33. PowerSploit Invoke-Expression (iex) Loads Directly in Memory – No Disk I/O
  • 34. PowerSploit Demo #3
  • 35. Defense Tools ● PoshSec Matt Johnson (@mwjcomputing) Ben Ten (@ben0xa) ● Kansa Dave Hull (@davehull) ● Invoke-IR / PowerForensics Jared Atkinson (@jaredcatkinson)
  • 36. Defense Tools ● PoshSec Matt Johnson (@mwjcomputing) Ben Ten (@ben0xa) ● Kansa Dave Hull (@davehull) ● Invoke-IR / PowerForensics Jared Atkinson (@jaredcatkinson)
  • 37. Defense Tools Demo #4
  • 38. Defense Tools
  • 39. Defense Tools
  • 40. Defense Tools
  • 41. Resources ● PowerSploit https://github.com/mattifestation/PowerSploit ● Veil-PowerView / PowerUp https://github.com/veil-framework/ ● Posh-SecMod https://github.com/darkoperator/
  • 42. Resources ● PoshSec https://github.com/poshsec ● Kansa https://github.com/davehull ● Invoke-IR / PowerForensics https://github.com/invoke-ir
  • 43. Q&A Ben Ten (0xA) @Ben0xA - twitter http://ben0xa.com http://poshsec.com web@ben0xa.com Ben0xA – LinkedIn, Github, keybase, etc. irc.freenode.net #burbsec, #poshsec, #pssec http://www.slideshare.net/BenTen0xA
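
Slides 16 to 18 make the point that the engine lives in System.Management.Automation.dll and that powershell.exe is only one host, so controls keyed on the executable name miss other hosts. The following is an added example, not code from the talk, that inventories every process with that assembly loaded; the function name Get-PowerShellHostProcess and the allowlist in $ExpectedHosts are assumptions to adapt to your environment.

```powershell
# Added example: list processes that have the PowerShell engine loaded.
# $ExpectedHosts is an assumed allowlist of known host process names.
$ExpectedHosts = @('powershell', 'powershell_ise', 'wsmprovhost')

function Get-PowerShellHostProcess {
    [CmdletBinding()]
    param(
        [string[]]$Expected = $ExpectedHosts
    )

    foreach ($proc in Get-Process) {
        try {
            # Native-image copies load as System.Management.Automation.ni.dll,
            # so match on the name prefix rather than the exact file name
            $engine = $proc.Modules |
                Where-Object { $_.ModuleName -like 'System.Management.Automation*.dll' } |
                Select-Object -First 1
        }
        catch {
            # Protected or already-exited processes cannot be inspected
            Write-Verbose "Skipped $($proc.ProcessName) ($($proc.Id)): $($_.Exception.Message)"
            continue
        }

        if ($engine) {
            [pscustomobject]@{
                ProcessName = $proc.ProcessName
                Id          = $proc.Id
                Path        = $proc.Path
                EngineDll   = $engine.FileName
                # True when the host is not on the allowlist and deserves a look
                Unexpected  = $Expected -notcontains $proc.ProcessName
            }
        }
    }
}

Get-PowerShellHostProcess |
    Sort-Object Unexpected -Descending |
    Format-Table -AutoSize
```

Run it from an elevated session so that module lists of other users' processes are readable; processes that cannot be opened are skipped and reported with -Verbose.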
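
Slide 33 notes that Invoke-Expression runs code directly from memory with no disk I/O, which means file-based controls have nothing to inspect and the engine's own logging is where the activity shows up. The following is an added example, not code from the talk, that searches script block logging events (ID 4104) for Invoke-Expression or its iex alias; it assumes script block logging is enabled, and the function names and sample strings are constructed for illustration.

```powershell
# Added example: find logged script blocks that call Invoke-Expression / iex.
# Assumes script block logging (event ID 4104) is enabled on the host.
function Test-UsesInvokeExpression {
    param([Parameter(Mandatory)][string]$ScriptText)
    # Match the cmdlet name or its alias as a whole token, not inside other words
    return $ScriptText -match '(?i)(?<![\w-])(Invoke-Expression|iex)(?![\w-])'
}

function Find-InvokeExpressionEvent {
    param([int]$MaxEvents = 5000)
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # For event 4104 the third event property holds the script block text
            $text = [string]$_.Properties[2].Value
            if (Test-UsesInvokeExpression -ScriptText $text) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    ProcessId   = $_.ProcessId
                    UserSid     = $_.UserId
                    Snippet     = $text.Substring(0, [Math]::Min(200, $text.Length))
                }
            }
        }
}

# Constructed sample strings showing what the matcher flags
$samples = @(
    'Get-ChildItem C:\Temp',
    '$code = Get-Content .\module.ps1 -Raw; iex $code',
    'Invoke-Expression -Command $text',
    '$apiExtra = 1'   # contains "iex" only inside a variable name
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-UsesInvokeExpression $_), $_ }

Find-InvokeExpressionEvent | Format-List
```

A plain string match is only a first pass: treat hits as leads to review alongside the process ID and user, since the same cmdlet appears in legitimate administration scripts.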