Investigating PowerShell Attacks
Black Hat USA 2014, August 7, 2014
Presented by: Ryan Kazanciyan, Matt Hastings
© Mandiant, A FireEye Company. All rights reserved.
Background Case Study

[Slide diagram: Attacker client -> Victim VPN -> (WinRM, SMB, NetBIOS) -> Victim workstations, servers]

- Fortune 100 organization
- Compromised for > 3 years
- Active Directory
- Authenticated access to corporate VPN
- Command-and-control via:
  - Scheduled tasks
  - Local execution of PowerShell scripts
  - PowerShell Remoting
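The three command-and-control mechanisms in the case study (scheduled tasks, locally executed scripts, PowerShell Remoting) are also the first three places an investigator looks on a suspect host. The triage script below is an added example, not code from the talk or from Mandiant. It lists scheduled tasks whose action launches PowerShell, parses the classic Windows PowerShell log (event ID 400, engine start) for the HostName and HostApplication fields, flags encoded or download-and-execute command lines, and pulls WinRM/Operational events. Assumptions: Windows 8 / Server 2012 or later for Get-ScheduledTask; event IDs 400, 6 and 169 and the suspicious-argument regex are working assumptions to validate against the host's own logs; everything is read locally, so run it in an elevated session.

```powershell
# Added example (not from the Black Hat 2014 slides): local host triage for the
# three C2 mechanisms in the case study. Assumes Windows 8 / Server 2012+ and an
# elevated session. Event IDs and regexes below are assumptions, not the talk's.
param(
    [datetime]$Since = (Get-Date).AddDays(-30)
)

# Command-line fragments that commonly indicate encoded or download-and-execute
# PowerShell (assumed indicator set; tune for your environment).
$suspectArgs = '-enc|-e[nc]* |-nop|-w(indowstyle)? hidden|bypass|downloadstring|invoke-expression|iex'

# 1. Scheduled tasks whose action runs powershell.exe or carries suspect arguments.
$psTasks = Get-ScheduledTask | Where-Object {
    $_.Actions | Where-Object {
        $_.Execute -match 'powershell' -or $_.Arguments -match $suspectArgs
    }
} | Select-Object TaskName, TaskPath, State, Author,
    @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }

# 2. Classic "Windows PowerShell" log, event 400 = engine start. The message body
#    contains "HostName=<host>" and "HostApplication=<command line>". A HostName of
#    ServerRemoteHost means the engine was started by a remote (WinRM) session.
$engineStarts = Get-WinEvent -FilterHashtable @{ LogName = 'Windows PowerShell'; Id = 400; StartTime = $Since } `
    -ErrorAction SilentlyContinue | ForEach-Object {
        $m = $_.Message
        [pscustomobject]@{
            Time            = $_.TimeCreated
            HostName        = if ($m -match 'HostName=(.+)') { $Matches[1].Trim() } else { $null }
            HostApplication = if ($m -match 'HostApplication=(.+)') { $Matches[1].Trim() } else { $null }
            Remoting        = ($m -match 'HostName=ServerRemoteHost')
        }
    }

# 3. Local script execution: engine starts whose command line looks encoded / staged.
$suspiciousCmdLines = $engineStarts | Where-Object { $_.HostApplication -match $suspectArgs }

# 4. WinRM service log (enabled by default). Assumed IDs: 6 = WSMan session created
#    (client side), 169 = user authenticated (server side). Other IDs may matter too.
$winrmEvents = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-WinRM/Operational'; StartTime = $Since } `
    -ErrorAction SilentlyContinue | Where-Object { $_.Id -in 6, 169 } |
    Select-Object TimeCreated, Id, Message

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    PowerShellTasks    = $psTasks
    RemotingSessions   = $engineStarts | Where-Object { $_.Remoting }
    SuspiciousCmdLines = $suspiciousCmdLines
    WinRMEvents        = $winrmEvents
}
```

Save it as a .ps1 and run it with `-Since (Get-Date).AddDays(-90)` to widen the window; the HostApplication field is the most useful artifact because it survives even when the attacker's script file has been deleted, and a HostName of ServerRemoteHost paired with WinRM event 169 ties a remote engine start to the authenticating account.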
Why PowerShell?

It can do almost anything...

- Execute commands
- Reflectively load / inject code
- Enumerate files
- Interact with services
- Retrieve event logs
- Download files from the internet
- Interface with Win32 API
- Interact with the registry
- Examine processes
- Access .NET framework
PowerShell Attack Tools

- PowerSploit
  - Reconnaissance
  - Code execution
  - DLL injection
  - Credential harvesting
  - Reverse engineering
- Nishang
- Posh-SecMod
- Veil-PowerView
- Metasploit
- More to come...
PowerShell Malware in the Wild