This post is about PowerSAP, a tool that was included in this year's BlackHat Arsenal. What I like about this tool is that it does not try to re-invent the wheel and yet keeps its source code open for all of us to see and understand. The author @_Sn0rkY is upfront about this and mentions it in the tool description itself. Read more about PowerSAP: A PowerShell SAP Security Assessment Tool!
All of us know that, post-exploitation, we need some mechanism to maintain access on the target. One of the most common methods is installing a trojan. I have tried to maintain a list of similar tools on the malware sources page on this blog. Now there is a new entrant that raises the bar: Koadic. It also happens to be open source and just as difficult to detect with common methods. Read more about Koadic: An Advanced Windows JScript/VBScript RAT!
My first post regarding this malicious Microsoft Office document generator was about an older version. However, a few hours ago an update was released: Luckystrike 2.0! Major highlights of this release include full support for Microsoft Word in addition to a new COM scriptlet payload and Excel DDE infection support. Along with this, support for Invoke-Obfuscation is built in! Read more about UPDATE: Luckystrike 2.0!
As PowerShell becomes more prevalent in the Windows environment, so will its use for vulnerability assessments and penetration tests. I have covered a few such tools earlier, such as PowerSploit and PSAttack. However, none of the ones I mentioned help you detect network vulnerabilities. That is set to change with NetworkRecon, a script that helps you find anomalies in observable network protocols. What is NetworkRecon? NetworkRecon is an open source PowerShell network reconnaissance module which will Read more about NetworkRecon: PowerShell to Identify Network Vulnerabilities!
An older post of mine, MicroSploit, dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads, which helps you create custom malicious payloads for the Microsoft Windows operating system. Read more about WinPayloads: Generate Undetectable Windows Payloads!
There is a lot of fun offensive stuff being developed in PowerShell these days. An example is Invoke-Phant0m, an excellent Microsoft Windows event log wiper. This post is about PSAttack, a framework which tries to include almost all Microsoft PowerShell scripts that can be used in a penetration test. Read more about PSAttack: An Offensive PowerShell Console!
Malware is always getting smarter and trying to outsmart our generic detection methodologies. One of the first ways it avoids detection is by checking whether the executing environment is a virtual machine (VM). There are multiple ways to do that: Red Pill by Joanna Rutkowska, verifying memory structures via Store Interrupt Descriptor Table (SIDT), Store Local Descriptor Table (SLDT), Store Global Descriptor Table (SGDT) and Store Task Register (STR), and checking for well known registry Read more about Antivmdetection: Thwart Virtual Machine Detection!