a
A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Fun with One Line of Powershell - Matthew Turner Bsides Cleveland 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

Fun with One Line of Powershell
Matthew Turner

This talk shows how to use one line of PowerShell in different ways to get meterpreter on a system. Beginning with the creation of a malicious ps1 file using msfvenom, starting a handler, and hosting the malicious ps1 for targets to download. Once the target runs the one liner, it'll download and execute the malicious ps1 file giving you a meterpreter session. I then go over different ways to get targets to run the one liner using a Teensy, a shortcut on a network share, a macro enabled spreadsheet, a misconfigured mssql server (blank SA), and using ysoserial to exploit vulnerable java deserialization functionality.

I live in North Carolina and I work for a fortune 500 financial institution on their Red Team. I have GPEN, GWAPT, GCIH, GSEC certifications. I was born and raised in the greater Cleveland area and moved to the Durham/Raleigh area a little over 2 years ago.

I wrote this talk with newer pentesters in mind. I wanted to provide tips and tricks that were simple and effective and could be applied as soon as they got back to work.


Back to Bsides Cleveland 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast