The Lyceum threat group (aka Hexane) again initiated an attack, but this time they have a weird variant of a remote-access trojan (RAT). This time they are using the PowerShell scripts and .NET RAT to deploy keylogger on the targeted Windows system and steal credentials. Since this trojan doesn’t have any specific method to communicate […]
Windows Firewall Ruleset Windows firewall rules organized into individual powershell scripts according to: Rule group Traffic direction IP version (IPv4 / IPv6) Further sorted according to programs and services such as for example: ICMP… The post WindowsFirewallRuleset: Windows firewall ruleset powershell scripts appeared first on Penetration Testing.
Various PowerShell scripts that may be useful during a red team exercise. The repo includes the following scripts: Red Team Powershell Scripts Search-EventForUser.ps1: Powershell script that search through the Windows event logs for specific user(s) Search-FullNameToSamAccount.ps1: Full name to SamAccountName Search-UserPassword.ps1: Search LDAP for userPassword field Remote-WmiExecute.ps1: Execute command remotely using WMI Take-Screenshot.ps1: Take a […]
Hackers use malicious MSI files that download and execute malicious files that could bypass traditional security solutions. The dropped malware is capable of initiating a system shutdown or targeting financial systems located in certain locations. Security researchers from TrendMicro discovered JScript/VBScript codes in several malicious *.msi files distributed through spam emails. The malicious JS code […]
Invoke-PSImage takes a PowerShell script and embeds the bytes of the script into the pixels of a PNG image. It generates a oneliner for executing either from a file or from the web. The least significant 4 bits of 2 color values in each pixel are used to hold the payload. Image quality will suffer […]
Nowadays Hackers Distributing Advanced Fileless Malware with Evasion capabilities which are very Difficult to Detect. These types of malware sit in the system registry and making hard for Antivirus hard to identify the infection. The security researchers from Quick Heal Security Labs detected as Fileless malware which uses PowerShell scripts stored in the windows registry. […]