PowerShell

Red Team, Red Team Tools how to hide payload in MS docs, Malware, Microsoft, MS Word, pen-testing, penetration testing, pentest, Pentesting, Pentesting tips and tricks, PowerShell, PowerShell Scripts, Word

Hide Payload in MS Office Document Properties

Carrie Roberts* // Can you think of a reason why you might want to put a lengthy comment into the properties of an MS Office document? If you can, then […]

Read the entire post here

Red Team, Red Team Tools automating commands, Empire, Empire Project, Listeners, PowerShel commands, PowerShell, PowerShell Empire

Empire Resource Files and Auto Runs

Carrie Roberts* // I have added resource file and autorun functionality to PowerShell Empire. Empire now has the ability to run multiple commands at once by specifying the commands in […]

Read the entire post here

Red Team, Red Team Tools Grep, PowerShell, PowerView

Grepping Through PowerView Output

Carrie Roberts//* Have you found yourself trying to Grep through PowerView output, or any PowerShell output for that matter, and find that it returns no results for text you know […]

Read the entire post here

Author, David Fletcher, Phishing, Red Team Empire, Macro, macro malware, OSX, PowerShell, Windows

How To: Empire’s Cross Platform Office Macro

David Fletcher // During our testing, we encounter organizations of various different sizes, shapes, and composition.  One that we’ve run across a number of times includes a fairly even mixture […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools Bypassing Web-Proxy Filtering, C2 Channels, penetration testing, Pentesting, PowerShell, Web-Proxy Filtering

How to Bypass Web-Proxy Filtering

Brian Fehrman // Someone recently posed a question to BHIS about creating C2 channels in environments where heavily restrictive egress filtering is being utilized. Testers at BHIS, and in the […]

Read the entire post here

Author, Beau Bullock, Recon, Red Team, Red Team Tools HostRecon, PowerShell, Situational Awareness, tool

HostRecon: A Situational Awareness Tool

Beau Bullock // Overview HostRecon is a tool I wrote in PowerShell to assist with quickly enumerating a number of items that I would typically check after gaining access to […]

Read the entire post here

Author, C2, David Fletcher, Red Team anti-virus, AV, bypassing AV, Cylance, Cylance Bypass, metasploit meterpreter, PowerShell, PowerShell Empire Agent

Bypassing Cylance: Part 4 – Metasploit Meterpreter & PowerShell Empire Agent

David Fletcher // The following techniques serve to illustrate methods for obtaining C2 communication in a particular Cylance protected environment.  The configuration of the centralized infrastructure and the endpoint agents […]

Read the entire post here

Author, Brian Fehrman, Red Team, Red Team Tools AV, AV bypass, AV vendors, ESET, Kaspersky, PowerOPS, PowerOPS Frameword, PowerShell, Tipping Cash Cows

Power Posing with PowerOPS

Brian Fehrman // As described in my last blog post, Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV (sheeesh…it’s been a bit!), we are seeing more environments in […]

Read the entire post here

C2, Red Team C2, DNS C2, dnscat2, PowerShell, tunneling

PowerShell DNS Command & Control with dnscat2-powershell

Luke Baggett // Imagine a scenario where a Penetration Tester is trying to set up command and control on an internal network blocking all outbound traffic, except traffic towards a […]

Read the entire post here