PowerShell

Informational, moth .Net, C#, Cryptography, PowerShell, reverse engineering

Indecent Exposure: Your Secrets are Showing

by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely. This blog post details a true story of […]

Read the entire post here

Blue Team, General InfoSec Tips & Tricks, Informational, InfoSec 101, Red Team Carrie Roberts, PowerShell

Constrained Language Mode Bypass When __PSLockDownPolicy Is Used

Carrie Roberts // PowerShell’s Constrained Language (CLM) mode limits the functionality available to users to reduce the attack surface. It is meant to be used in conjunction with application control […]

Read the entire post here

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, John Strand, Webcasts carbonblack, Cisco, Cylance Bypass, john strand, PowerShell, Sacred Cash Cow Tipping, webcasts, Windows Defender

Webcast: Sacred Cash Cow Tipping 2020

Want to learn how attackers bypass endpoint products? Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_SacredCashCowTipping2020.pdf 3:41 – Alternate Interpreters 9:19 – Carbon Black Config Issue 15:07 – Cisco […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

00419_11262019_WEBCAST_GroupPoliciesKillKillChains

Author, Blue Team, Informational, Jordan Drysdale, Kent Ickler, Webcasts Best Practices, CMD, Group Policies, honey accounts, Jordan Drysdale, Kent Ickler, Kerberos, LAPS, LLMNR, Local Admin Controls, Logging, PowerShell, SMB Message Signing, Sysmon

Webcast: Group Policies That Kill Kill Chains

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can […]

Read the entire post here

Author, Beau Bullock, How-To, Informational, Red Team, Red Team Tools Beau Bullock, Check-LocalAdminHash, Invoke-TheHash, PowerShell, PowerView, PSReadline, TL;DR

Check-LocalAdminHash & Exfiltrating All PowerShell History

Beau Bullock // TL;DR Check-LocalAdminHash is a new PowerShell script that can check a password hash against multiple hosts to determine if it’s a valid administrative credential. It also has […]

Read the entire post here

00375_03062019_PODCAST_EndpointSecurityGotYouDown

C2, Informational, Podcasts, Red Team, Red Team Tools .Net, BYOI, C#, EDR, IronPython, Marcello Salvati, PowerShell, Red Team, SILENTTRINITY, Tradecraft, Windows Defender

BHIS PODCAST: Endpoint Security Got You Down? No PowerShell? No Problem.

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour podcast, originally recorded as […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

00372_02252019_WEBCAST_EndpointSecurityGotYouDown

Informational, Red Team, Red Team Tools, Webcasts .Net, BYOI, EDR, Endpoint, Marcello, Open-Source, PowerShell, Red Team, SILENTTRINITY, Tradecraft, Windows Defender

Webcast: Endpoint Security Got You Down? No PowerShell? No Problem.

Do your PowerShell scripts keep getting caught? Tired of dealing with EDRs & Windows Defender every time you need to pop a box? In this one-hour webcast, we introduce a somewhat […]

Read the entire post here

C2, How-To, Informational, Red Team, Red Team Tools .Net, Carrie Roberts, PowerShell, PowerShell Empire, Red Team, Windows 10, Windows Defender

Getting PowerShell Empire Past Windows Defender

Carrie Roberts //* (Updated 2/12/2020) ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential […]

Read the entire post here

Author, Brian Fehrman, How-To, Informational, InfoSec 101 Application Whitelisting Software, AWS, PowerShell

PowerShell w/o PowerShell Simplified

Brian Fehrman // In a previous post, titled PowerShell without PowerShell, we showed you how you can bypass Application Whitelisting Software (AWS), PowerShell restrictions/monitoring, and Command Prompt restrictions. In some […]

Read the entire post here

1 2 3