Dutch PowerShell User Group – 3rd PowerShell Saturday 2017-04-08
Tag: powershell
Conference Video – Invoke-Obfuscation: PowerShell obFUsk8tion
PowerShell has increasingly become the de facto standard for penetration testers and hackers alike. It enables attackers to “live off the land” by using a Microsoft-signed binary that can execute remote code entirely in memory while bypassing both A/V and application whitelisting solutions. Today’s detection techniques monitor for certain strings in powershell.exe’s command-line arguments. Read More …
powershell code – Find computers
To find a single machine and the date it last logged on:

    Get-ADComputer -identity SRV-DB01 -Properties * | FT Name, LastLogonDate -Autosize

Find all the machines:

    Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize
Notes :: Getting around some Defenses
Trying to read up on this for some work things. Dropping a few links here. Will add more notes as I go on.
——————————————————————
bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
“”” It’s worth noting that not all the functions get hijacked by AVs/EDRs. Usually only those functions that are known to be abused over and over again in the wild that Read More …