Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation
HTML-код
- Опубликовано: 21 дек 2022
- In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts.
Writeup: hackersploit.org/windows-red-...
//PLATFORMS
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
Get started with Intigriti: go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify ►► spoti.fi/3lP65jv
Apple Podcasts ►► apple.co/3GsIPQo
//WE VALUE YOUR FEEDBACK
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
//THANK YOU!
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#redteaming #cybersecurity #pentesting 
Наука
you're killing it with this content Hackersploit, please upload more!! I've only seen a few of the red team videos but will def be watching more
The videos of HackerSploit are always Masterclass 💪.
The Explanations are perfectly clear.
Just MASTERCLASS.
I recently finished the PTSv2 course, you're a phenomenal teacher!
Can you please give the link of same ?
@@Nikita-sj8og It's hosted on the INE platform, you need to purchase at least a monthly subscription to take the course.
Where can you finish that course He is ine platform instructor or not
Awesome video. Always providing great content…. Merry Christmas 🎉
Alexis, first of all I want to thank you for this fantastic Red Team Fundamentals course!
I've done some testing, and unfortunately, despite the video being recent, almost none of the AV evasion techniques work:
1) Invoke-Obfuscation is the only technique that works.
2) Shellter is immediately detected, both with new versions of WinRar (32bit) and with older versions.
3) Shikata Ga Nai is not detected by Windows Defender using 45 iterations, but the listener does not receive the reverse connection.
I tried Shikata Ga Nai with different payloads created with MSFVenom, and with different iterations, but either it is detected or it does not make the reverse connection.
4) In no case was I able to obscure a reverse shell created with MSFVenom.
The tests were all conducted with Windows Defender on Windows 10 (64bit) in my laboratory.
If you have time and desire, you could update the obfuscation techniques by perhaps deepening the topic.
In any case, thanks as always, you're the best cybersecurity teacher.
See you soon.
UPDATE: Invoke-Obfuscation also works with PowerShell Empire (the CSharp payload is not detected).
Unfortunately, the /powershell/privesc/bypassuac module does not work with PowerShell Empire (it is detected, both with obfuscation and without), despite working perfectly with Metasploit.
happy too see you after a long time
This is top notch material.
thank you hackersploit 😍😍
15'56'' You are fantestic....great video!!!!!
best hacking content ever 👍💯 , keep up the good work
Finally… welcome back
good to see you sir
Gonna watch all your videos and comment after watching them
Welcome back!
Welcome back 🎉
After a long time came with the video.alex my favourite mentor . Can I request any video topics?
Pretty hard to keep a good man down... Welcome Back HS...
best vdo
Welcome back sir
Return of the Mack! good to be back.
@@HackerSploit yes sir today i was watching your video thinking for new video
These videos are great! One question though. Even if you evade the av won't the continuously running command prompt window in the background tip the blue team off?
I am a big fan of youuuuuu
yaaaay!!!!! its been a while
Yo finally !
As usual great video. How many videos will come in this series
Will share the outline in a separate video/live stream.
awesome thanks!
but most EDR's today are really good at stopping shellter from my experience
We follow your channel here in Brazil,,🇧🇷✨ if possible put subtitles in your videos !!!!
Hi...I'm jordan and I'm new to the channel
long time no see alexis
Great video. But I have a question: following all the steps, I get the infected executable file of winrar, but in my case then windows defender detects it , I just pass it on the victim target. How can I avoid it?Thanks
Hello Hackersploit. Can You Help Me ?. I Am interesting in Cybersecuirty. Which Books Can You Recommend To Me ?. Which Books Should l Read ?
I work as a blue teamer at my job, but love seeing on the other side of the fence. You will not evade my defenses >:)
I can try :)
Is this part of red teaming fundamental series part
**Video idea**
Show some offensive example of chatgpt
How pentester can use it?
How will it affect cybersecurity field?
Will ai take cybersecurity job in near future?
can you help me .I cant install powershell it says "Package 'powershell' has no installation candidate"
Input "sudo wine shellter.exe" prompt "wine: could not load kernel32.dll, status c0000135", what should I do?
pleseee review HavocFramework
My regards, brother! Is it possible to recover some photos that I had sent via messenger on a Facebook account that I deleted at the beginning of the year. The person I sent them to was automatically deleted from their inbox when my account was deleted?
🙂🙂🙂
My request please kindly explain ISO 27001 because every cyber security job asking this
Hlo sir i am from India 🙏🏻
Plz would u help me how would i start my journey in cybersec field
let me come in top10
How is it going?
Yeah I'm first 🥇🥇🥇🥇🥇😃😃😃
Please make video's on web app hacking
Your wish is my command.
Thank you sir...... It means a lot
Guess the webapp series got pushed back
Great video. I've tried to do the same, but my Antivirus detected this and blocked it.
Yeah, it seems to work on windows defender but many modern AVs are sophisticated enough to pick up on simple cases like these
Where are Web Pentesting videos :D
Hi bro, my laptop hacked plz help me
Did you stop the WebApp series Sir
Where in the hell is the link my man
7th?
Detected by AV..