eddiejackson.net
forensicitguy.github.io
In this post I want to take a look at a PowerShell-based Cobalt Strike beacon that appeared on MalwareBazaar. This particular beacon is representative of most PowerShell Cobalt Strike activity I see in the wild during my day job. The beacons often show up as service persistence during incidents or during other post-exploitation activity. If you want to follow along at home, the sample I'm using is here:
cornerpirate.com
My post is really to remind myself that this exists. The hard work was done on labofapenetrationtester.com back in 2015. I found that this worked for me well. First the code from that blog (only slightly modified):

function Invoke-PowerShellUdp { [CmdletBinding(DefaultParameterSetName="reverse")] Param( [Parameter(Position = 0, Mandatory = $true, ParameterSetName="reverse")] [Parameter(Position = 0, Mandatory = $false,...
adsecurity.org
[AI summary] This article discusses the security features and benefits of PowerShell v5, including script block logging, system-wide transcripts, constrained PowerShell, and antimalware integration (AMSI) for enhanced system protection.
blog.pkh.me