A presentation covering some of the interesting things going on with Powershell in the Infosec community. I give a brief overview of what powershell is, then go over some interesting aspects of three different offensive powershell frameworks and finally give a demo of how a local user can escalate to domain admin privileges using just these frameworks.
Get-Help: An intro to PowerShell and how to Use it for Evil (jaredhaight)
This talk covers the basics of how PowerShell works and how to use it. It then goes over a lot of the interesting offensive PowerShell tools that are available and gives a demo of using PowerShell to escalate to Domain Admin privileges on a network.
A video of the talk is available here: https://www.youtube.com/watch?v=YSUJNInriiY
Incorporating PowerShell into your Arsenal with PS>Attack (jaredhaight)
This talk serves as a follow-up to my Introducing PS>Attack talk and covers some new features that have been added to the tool as well as how to defend an environment against PowerShell-based attacks.
Introducing PS>Attack: An offensive PowerShell toolkit (jaredhaight)
PS>Attack is designed to make it easy for Penetration Testers to incorporate PowerShell into their bag of tricks. It's a custom PowerShell console packed with some of the best offensive tools available. It's designed to be easy to use and opsec-safe.
The Dirty Little Secrets They Didn't Teach You In Pentesting Class (Rob Fuller)
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.
PowerUp - Automating Windows Privilege Escalation (Will Schroeder)
This slide deck was given as a firetalk at @BSidesBoston '14, and covers the genesis and implementation of PowerUp, a PowerShell tool for Windows privilege escalation.
This presentation was given at PSConfEU and covers common privilege escalation vectors for Windows systems, as well as how to enumerate these issues with PowerUp.
PowerShell for Cyber Warriors - Bsides Knoxville 2016 (Russel Van Tuyl)
PowerShell, the new hotness, is an interactive object-oriented command environment that has revolutionized the ability to interact with the Windows operating systems in a programmatic manner. This environment significantly increases the capabilities of administrators, attackers, defenders, and malware authors alike. This presentation introduces popular PowerShell tools and techniques used by penetration testers and blue team members. Tools range from in-memory-only remote administration tools to Active Directory enumeration and from reverse engineering to incident response. Additionally, we will review a couple of pieces of malware that leverage PowerShell and provide information on detecting or defending against previously discussed attacks. If you're a CyberWarrior, this presentation will undoubtedly up your game by equipping you with knowledge on the almighty PowerShell.
This presentation was given at DerbyCon 6 on 9/23/2016. It covers the fusion of the PowerShell Empire and Python EmPyre projects, as well as new Empire 2.0 transports.
XCon 2014 => http://xcon.xfocus.org/
In the past it was quite common to exploit heap / pool manager vulnerabilities by attacking their internal linked structures. However, current memory management has improved a lot, and at present it is quite ineffective to attack the heap in this way. Still, those techniques come in handy when we start looking at the linked structures widespread throughout the kernel that are unfortunately not hardened enough.
In this presentation we will examine the power of these vulnerabilities through the well-known example CVE-2013-3660, showing a bypass of the 'lazy' assertions on _LIST_ENTRY, the exploitation after-party, and a teleport to the kernel.
PSConfEU - Offensive Active Directory (With PowerShell!) (Will Schroeder)
This talk covers PowerShell for offensive Active Directory operations with PowerView. It was given on April 21, 2016 at the PowerShell Conference EU 2016.
PowerShell, the must have tool and the long overlooked security challenge. Learn how PowerShell’s deep integration with the Microsoft platform can be utilized as a powerful attack platform within the enterprise space. Watch as a malicious actor moves from a compromised end user PC to the domain controllers and learn how we can begin to defend these types of attacks.
This presentation, given at DeepSec 2014, focuses on using PowerShell for client-side attacks. New scripts which are part of the open-source toolkit Nishang were also released. Nishang is a toolkit in PowerShell for Penetration Testing.
2. Hi, I’m Jared.
Sysadmin for 10 years
Likes to take pictures
Likes to break things
I write stuff occasionally here: https://words.photosandtext.com
I twitter stuff @jaredhaight
4. What is Powershell?
Powershell is an object oriented scripting language
Kind of a mix between C# and bash
It is the default method to manage a lot of Windows services now
Two components included
Powershell.exe – The shell
Powershell_ise.exe – The IDE
5. How do I use it?
Variable assignment
$foo = 'bar'
For loops
ForEach ($obj in $list) {Write-Host $obj}
Logic
If ($obj -eq "cha-ha.com") {Write-Host "those guys are pretty cool"}
RTFM
Get-Help command
Get-Help command -Examples
6. Why do I want to know this crap?
Powershell is what admins are using to manage their boxes now (the good ones
at least)
It actually is powerful
Full access to .NET objects
Can interpret C# code
7. Quick and Dirty Powershell Web Server
#Courtesy of ObscureSec (http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html)
$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://+:8000/")
$Hso.Start()
While ($Hso.IsListening)
{
$HC = $Hso.GetContext()
$HRes = $HC.Response
$HRes.Headers.Add("Content-Type","text/plain")
$Buf = [Text.Encoding]::UTF8.GetBytes((GC (Join-Path $Pwd ($HC.Request).RawUrl)))
$HRes.ContentLength64 = $Buf.Length
$HRes.OutputStream.Write($Buf,0,$Buf.Length)
$HRes.Close()
}
$Hso.Stop()
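The listener above hands whatever path the client sends straight to Join-Path against the current directory, so it serves anything Get-Content can reach from there. As an added example (not code from the slides or from ObscureSec), here is the same thirteen-line idea with the request path confined to one directory and the listener bound to loopback; $Root and the port are placeholders and the script assumes Windows PowerShell 3 or later.

```powershell
# Added example, not from the slides: a file server that only serves files
# below one directory. $Root and the port are placeholders.
$Root = (Resolve-Path '.').Path.TrimEnd('\')   # directory we are willing to serve

function Get-SafeLocalPath {
    # Map a request path onto $Root; return $null unless the normalised result
    # is a regular file strictly inside $Root (so "..", "%2e%2e" etc. are rejected).
    param([string]$Root, [string]$AbsolutePath)
    $rel  = [Uri]::UnescapeDataString($AbsolutePath).TrimStart('/').Replace('/', '\')
    $full = [IO.Path]::GetFullPath((Join-Path $Root $rel))
    if ($full.StartsWith($Root + '\', [StringComparison]::OrdinalIgnoreCase) -and
        (Test-Path -LiteralPath $full -PathType Leaf)) { return $full }
    return $null
}

$Hso = New-Object Net.HttpListener
$Hso.Prefixes.Add("http://localhost:8000/")    # bind to loopback only, not "+"
$Hso.Start()
While ($Hso.IsListening) {
    $HC   = $Hso.GetContext()
    $HRes = $HC.Response
    $HRes.Headers.Add("Content-Type", "text/plain")
    $file = Get-SafeLocalPath -Root $Root -AbsolutePath $HC.Request.Url.AbsolutePath
    if ($file) {
        $HRes.StatusCode = 200
        $Buf = [IO.File]::ReadAllBytes($file)
    } else {
        $HRes.StatusCode = 404
        $Buf = [Text.Encoding]::UTF8.GetBytes("Not found")
    }
    $HRes.ContentLength64 = $Buf.Length
    $HRes.OutputStream.Write($Buf, 0, $Buf.Length)
    $HRes.Close()
}
$Hso.Stop()
```

The check is done on the normalised absolute path rather than on the raw URL text, so URL-encoded and mixed-separator forms of ".." are all caught by the same StartsWith test; a request for the root ("/") or a directory falls through to 404 because it is not a leaf.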
12. Veil PowerTools
https://github.com/Veil-Framework/PowerTools
Part of the Veil Framework
Components
PewPewPew – Run command against a list of servers without touching the HDD
PowerBreach – Offers a variety of ways to trigger backdoor code
PowerPick – Allows the execution of PS code without powershell.exe
PowerUp – Assists with local escalation
PowerView – Network awareness tool
13. Cool stuff in Powertools
PowerView
Invoke-SearchFiles – File search on local or remote hosts
Get-NetDomainControllers
Get-NetGroup – Gets members of a specified group
Get-NetLoggedon – Get users logged into a server
Invoke-StealthUserHunter – Finds the home directory server and checks for active sessions from specific user accounts
Invoke-FindLocalAdminAccess – Finds machines that the current account has admins rights on
Get-ExploitableSystems – Cross references systems against common metasploit payloads
14. Cool stuff in Powertools
PowerUp
Get-ServiceEXEPerms – Finds services where the user has write access to the exe
Invoke-ServiceUserAdd – Generates an exe that adds a given user to a local group and replaces a service exe with it
PowerBreach
Invoke-DeadUserBackdoor – Triggers a payload if a given user account is deleted
Invoke-EventLogBackdoor – Triggers a payload if a specific user fails an RDP login
15. Cool stuff in Powertools
PewPewPew
My favorite name for anything ever.
Invoke-MassCommand – Runs a given command against a bunch of servers
Invoke-MassMimikatz – Runs mimikatz against all the things.
17. Cool things in Powersploit
Exfiltration
Invoke-NinjaCopy – Copies a file from NTFS by reading the raw volume and parsing NTFS structures
Invoke-Mimikatz – Loads Mimikatz into memory and runs it. Doesn't touch disk when run against a remote computer.
Get-Keystrokes – Keystroke logger
Get-GPPPassword – Browses Group Policy and finds passwords
Get-TimedScreenshot – Takes screenshots on an interval
Code Execution
Invoke-Shellcode – Inject shellcode into a specified process
18. Cool things in Powersploit
Mayhem
Set-MasterBootRecord – Writes a string to the MBR
Set-CriticalProcess - BSOD
20. Cool things about Nishang
Client
Out-Word – Creates a Word file (or infects an existing one) with a macro that downloads and runs a PowerShell script
Also see: Out-Excel, Out-HTA, Out-CHM, Out-Shortcut and Out-Java
Backdoors
DNS_Txt_Pwnage – A backdoor that receives commands through DNS TXT queries
Gupt-Backdoor – A backdoor that receives commands from WLAN SSIDs (without connecting)
21. .DESCRIPTION
Gupt looks for a specially crafted Wireless Network Name/SSID from the list of all available networks. It matches the first four characters of each SSID with the parameter MagicString. On a match, if the 5th character is a 'c', the rest of the SSID name is considered to be a command and executed. If the 5th character is a 'u', the rest of the SSID is considered the id part of a Google URL Shortener link and a script is downloaded and executed in memory from the URL. See examples for usage.
22.
23. Cool things about Nishang
Gather
Copy-VSS – Copy SAM, SECURITY and AD database using Volume Shadow Copy
Get-PassHashes – Dumps local hashes
Invoke-MimikatzWdigestDowngrade – Downgrades WDigest settings so that plain text passwords can be retrieved from LSA memory (to bypass protections implemented in Windows 2012 and 8.1)
Shells
Invoke-PSGcat – Executes commands stored in a gmail account
Invoke-PowerShellTCP – Interactive bind or reverse shell
Utility
Do-Exfiltration – Send data to Pastebin, Gmail, Webserver or out as DNS TXT query
25. The Situation
Loki is a disgruntled web developer
Thor also works here, but he’s not part of this demo
Also Tony Stark is the IT guy.
26. Getting local admin
Loki is an unprivileged user on his computer (he's just in the "Domain Users" group)
Because Loki is a webdev, he has a local development environment installed on his machine.
This environment was installed with XAMPP, an easy-to-use package of PHP, MySQL and Apache.
In the following video, Loki finds that the Apache exe is writable. He then overwrites the Apache exe with an exe that creates a new local admin account.
Finally he restarts his computer to force the service to restart.
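The writable Apache exe in this demo is exactly the class of finding PowerUp's Get-ServiceEXEPerms (slide 14) automates. As an added audit script (my code, not PowerUp's or the slides'), the following walks every service, extracts the binary from its PathName and reports any executable that Everyone, Users, Authenticated Users or INTERACTIVE can modify; the list of low-privileged principals is an assumption you may want to widen for your environment. It is read-only and assumes an elevated Windows PowerShell 3+ prompt so that every ACL is readable.

```powershell
# Added example (not PowerUp's Get-ServiceEXEPerms): list services whose
# executable can be modified or replaced by a low-privileged principal.
# Read-only audit; run it in an elevated prompt so every ACL is readable.
$LowPrivPrincipals = @(      # assumed set of "anyone on the box" identities
    'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
)
# Explicit rights that let a caller change the file, plus the generic bits some ACEs use
$WriteRights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Write, Modify, FullControl, TakeOwnership, ChangePermissions'
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000

function Get-ServiceBinaryPath {
    # Pull the executable out of a service PathName ("C:\a b\x.exe" -arg, or C:\x.exe -arg)
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(\S+)')     { return $Matches[1] }   # unquoted: first token
    return $null
}

function Test-AceGrantsWrite {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    if ($Ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { return $false }
    $r = [int]$Ace.FileSystemRights
    return (($r -band [int]$WriteRights) -ne 0) -or (($r -band $GenericWrite) -ne 0) -or (($r -band $GenericAll) -ne 0)
}

function Find-WritableServiceBinaries {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { continue }
        $acl = Get-Acl -LiteralPath $exe -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if (($LowPrivPrincipals -contains $ace.IdentityReference.Value) -and (Test-AceGrantsWrite $ace)) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    RunsAs    = $svc.StartName      # LocalSystem here is the worst case
                    Path      = $exe
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                }
            }
        }
    }
}

Find-WritableServiceBinaries | Format-Table -AutoSize
```

A hit with RunsAs = LocalSystem is the XAMPP situation from the demo: whoever can write the file gets the service's privileges at the next restart. The fix is to restore an ACL that grants write only to Administrators and SYSTEM (icacls or Set-Acl) and to install developer stacks under a path whose defaults already do that, such as Program Files.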
27. Dumping hashes, exfiltrating and escalating
Now that Loki has a local admin account ("mshackman") he can dump the hashes for the local computer
He then exfiltrates this data to Pastebin
Finally he disables the WDigest protections in Windows 8.1 in preparation for tricking IT into logging into his computer.
28. Dumping Active Directory
Loki convinced Tony Stark to log into his computer and is now able to dump Stark's password using mimikatz
With Domain Admin credentials, Loki copies "Copy-VSS.ps1" to a Domain Controller and then proceeds to dump the Active Directory database for offline assessment.
This presentation is designed to cover why Powershell is important to us red teamers and to give an overview of what people are doing with Powershell in the pentesting community.
Windows admins are learning that powershell is the way to manage growing infrastructure. This means that it will be prevalent in the environments that we come across. We should learn how to use it for our needs.
An example of how powerful and flexible PS is. A webserver in 13 lines of code.
Mimikatz is a tool used to dump hashes and credentials out of memory on a Windows box. Invoke-MassMimikatz runs mimikatz in memory so as not to trip most AV.