caneacsu, posted March 13, 2017

Hello,

I recently talked at the Romanian PowerShell User Group. The discussion revolved around discovering hosts and services on a network in a post-exploitation scenario. I wanted to provide a few methods, native to Windows, to accomplish this, as we all know that uploading our custom tools / binaries to a compromised system is not always an option.

Let me know what you think and don't be afraid to ask questions. Thanks!

Slides:
Demo Code: https://goo.gl/IEbfUz

element, posted March 15, 2017

Awesome! In fact there are so many things you can do with PS and native Windows functionalities during a pen-test.. and most of them are totally stealth :-) Remote shells, remote code execution, pivoting, pass-the-hash, privilege escalation scripts etc etc ... are just some other examples.... Who said that Windows is just point&click? ;-)

caneacsu, posted March 15, 2017

I totally agree, the possibilities are endless. This has been my area of focus lately and to be honest, it could be a discipline by itself.

element, posted March 16, 2017

9 hours ago, caneacsu said:
> I totally agree, the possibilities are endless. This has been my area of focus lately and to be honest, it could be a discipline by itself.

This is my area of "focus" too.. I've written something about this too, ex: https://decoder.cloud/2017/01/26/dirty-tricks-with-powershell/