Name: Windows Exploitation and Persistence with PowerShell
Start: 2017-01-25T19:30:00+13:00
End: 2017-01-25T22:30:00+13:00
Location: The Twisted Hop

Kim will walk us through a collection of PowerShell delivery (RAM, not disk) techniques for a commonreverse shellcode.

The common payload takes the user supplied shellcode and overwrites the first 0x1000 bytes ofthe calling instance of PowerShell, creates a thread to execute within thevirtual address space of the calling PowerShell instance and starts it.

All delivery and persistence techniques ensure AV bypass of shellcode.

Kim has dissected and will explain how the virus and payload works.

We will look at delivery mediums (virus):
* compiled c executable (teaser: https://youtu.be/a01IJzqYD8I)
* office document (take your pick) C/- Nishang

Persistence mediums:
* Meterpreter (if it works)
* PowerSploit

Chris C

Kevin

Information Security Interest Group - Christchurch, NZ

Technology

Application Security

Software Development

White Hat Hacking

Internet Professionals

Web Security

Network Security

Computer Science

Information Security

Software Security

Computer Security

Ethical Hacking

Cloud Security

Penetration Testing

Web Application Security

Windows Exploitation and Persistence with PowerShell

The Twisted Hop

Share this event

Windows Exploitation and Persistence with PowerShell

Details