Video: Stealthy PowerShell Attacks

Did you know that Impact can natively leverage PowerShell on remote hosts?

Impact can leverage PowerShell (PS) without using the PowerShell executable. This makes these kinds of attacks stealthy, because most endpoint protection solutions monitor the PowerShell executable for suspicious calls. Since we are circumventing the executable, we are effectively circumventing the detection systems as well.

PowerShell is a very powerful management framework for Windows machines. It offers a wide variety of commands that provide a large degree of control over Windows machines. It even has the ability to bypass privilege restrictions, which can give you total access to the machines you are testing.

Impact can easily interface with this PowerShell framework, which opens up many different kinds of attack methods to leverage. For example, you can leverage PowerShell to automatically download a PS script from the web and run it on the asset you are testing.

You can even do this when testing assets that do not have internet access. See how Impact works with PowerShell today.