PowerShell for Hackers

March 18, 2014 (at 9 a.m.)

PowerShell has changed the way Windows is used and secured, and also the way Windows is 0wned. It is an automation platform for everybody: developers, defenders and attackers. PowerShell provides easy access to almost everything on a Windows machine and network. It comes installed by default in modern versions of Windows. During a penetration test, it could be really helpful to use this powerful shell and scripting language for further attacks.

This workshop would help anyone who wants to know more about PowerShell from a security perspective. If you are a defender, you could learn how this attack vector can be used against a corporate environment. If you are a pen tester, you would learn how to use PowerShell for pen testing in a Windows environment. We will look at various techniques like privilege escalation, backdoors, keylogging, data exfiltration, dumping system secrets in plain text, persistence, pivoting, using third-party websites as C&C, web shells, bots… the list goes on.

We will walk through a penetration test and use PowerShell at each step. This workshop includes hands-on exercises, source code discussion and live demonstrations of attacks. It will forever change how you pen test a Windows-based environment.

Course Content

Prerequisites

Basic understanding of a programming or scripting language could be helpful but is not mandatory. An open mind.

System Requirements

A Windows 7 or later system, with administrative access and the ability to run PowerShell scripts.

Nikhil Mittal

Nikhil Mittal is a hacker, infosec researcher, speaker and enthusiast. His areas of interest include penetration testing, attack research, defence strategies and post-exploitation research. He has 6+ years of experience in penetration testing for his clients, which include many global corporate giants. He is also a member of the red teams of selected clients.

He specializes in assessing security risks in secure environments which require novel attack vectors and an "out of the box" approach. He has worked extensively on using Human Interface Devices in penetration tests and PowerShell for post-exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests, and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches new attack methodologies and updates his tools and frameworks.

Nikhil has held trainings and boot camps for various corporate clients (in the US, Europe and SE Asia), and at the world’s top information security conferences.

He has spoken at conferences like Defcon, BlackHat USA, BlackHat Europe, RSA China, Troopers, DeepSec, PHDays, BlackHat Abu Dhabi, Hackfest, ClubHack, EuSecWest and more. He blogs at http://www.labofapenetrationtester.com/