Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation

Подписаться 931 тыс.

Просмотров 26 тыс.

50% 1

In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts.
Writeup: hackersploit.org/windows-red-...
//PLATFORMS
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
Get started with Intigriti: go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify ►► spoti.fi/3lP65jv
Apple Podcasts ►► apple.co/3GsIPQo
//WE VALUE YOUR FEEDBACK
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
//THANK YOU!
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#redteaming #cybersecurity #pentesting

Наука

Опубликовано:

21 дек 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 63

@RealCyberCrime Год назад

you're killing it with this content Hackersploit, please upload more!! I've only seen a few of the red team videos but will def be watching more

@fabricenade9982 Год назад

The videos of HackerSploit are always Masterclass 💪. The Explanations are perfectly clear. Just MASTERCLASS.

@ilbona87 Год назад

I recently finished the PTSv2 course, you're a phenomenal teacher!

@Nikita-sj8og Год назад

Can you please give the link of same ?

@ilbona87 Год назад

@@Nikita-sj8og It's hosted on the INE platform, you need to purchase at least a monthly subscription to take the course.

@ragnarok55 Год назад

Where can you finish that course He is ine platform instructor or not

@baidysall9591 Год назад

Awesome video. Always providing great content…. Merry Christmas 🎉

@torsec6048 Год назад

happy too see you after a long time

@korovamilkplus Год назад

Alexis, first of all I want to thank you for this fantastic Red Team Fundamentals course! I've done some testing, and unfortunately, despite the video being recent, almost none of the AV evasion techniques work: 1) Invoke-Obfuscation is the only technique that works. 2) Shellter is immediately detected, both with new versions of WinRar (32bit) and with older versions. 3) Shikata Ga Nai is not detected by Windows Defender using 45 iterations, but the listener does not receive the reverse connection. I tried Shikata Ga Nai with different payloads created with MSFVenom, and with different iterations, but either it is detected or it does not make the reverse connection. 4) In no case was I able to obscure a reverse shell created with MSFVenom. The tests were all conducted with Windows Defender on Windows 10 (64bit) in my laboratory. If you have time and desire, you could update the obfuscation techniques by perhaps deepening the topic. In any case, thanks as always, you're the best cybersecurity teacher. See you soon.

@korovamilkplus Год назад

UPDATE: Invoke-Obfuscation also works with PowerShell Empire (the CSharp payload is not detected). Unfortunately, the /powershell/privesc/bypassuac module does not work with PowerShell Empire (it is detected, both with obfuscation and without), despite working perfectly with Metasploit.

@DopeForJesus Год назад

This is top notch material.

@parkour.11parkour58 Год назад

Gonna watch all your videos and comment after watching them

@kmengkomsot1479 Год назад

thank you hackersploit 😍😍

@zarandija Год назад

15'56'' You are fantestic....great video!!!!!

@hackproof1 Год назад

Finally… welcome back

@jamesparker5776 Год назад

good to see you sir

@NightMaRe-xl9tr Год назад

best hacking content ever 👍💯 , keep up the good work

@byronshepherd8415 Год назад

Welcome back!

@Funnnnboyy Год назад

Welcome back 🎉

@arupsen121 Год назад

After a long time came with the video.alex my favourite mentor . Can I request any video topics?

@HCKP Год назад

I am a big fan of youuuuuu

@mynealways509 Год назад

Pretty hard to keep a good man down... Welcome Back HS...

@greyhatsecurity Год назад

yaaaay!!!!! its been a while

@rishabhrana3773 Год назад

As usual great video. How many videos will come in this series

@HackerSploit Год назад

Will share the outline in a separate video/live stream.

@netstreamer 11 месяцев назад

These videos are great! One question though. Even if you evade the av won't the continuously running command prompt window in the background tip the blue team off?

@passaronegro349 Год назад

We follow your channel here in Brazil,,🇧🇷✨ if possible put subtitles in your videos !!!!

@Tathamet Год назад

awesome thanks! but most EDR's today are really good at stopping shellter from my experience

@ajoyjohn1487 Год назад

best vdo

@rishabhrana3773 Год назад

Welcome back sir

@HackerSploit Год назад

Return of the Mack! good to be back.

@rishabhrana3773 Год назад

@@HackerSploit yes sir today i was watching your video thinking for new video

@jordanyoung1836 Год назад

Hi...I'm jordan and I'm new to the channel

@onlinewebsites3476 Год назад

Yo finally !

@torsec6048 Год назад

long time no see alexis

@gianlucasanfilippo4669 11 месяцев назад

Great video. But I have a question: following all the steps, I get the infected executable file of winrar, but in my case then windows defender detects it , I just pass it on the victim target. How can I avoid it?Thanks

@r.e.d2016 Год назад

Hello Hackersploit. Can You Help Me ?. I Am interesting in Cybersecuirty. Which Books Can You Recommend To Me ?. Which Books Should l Read ?

@daljeetbhati8353 Год назад

Is this part of red teaming fundamental series part

@GliddingHippo Год назад

can you help me .I cant install powershell it says "Package 'powershell' has no installation candidate"

@alwan7777 Год назад

pleseee review HavocFramework

@xsTaoo Год назад

Input "sudo wine shellter.exe" prompt "wine: could not load kernel32.dll, status c0000135", what should I do?

@user-vu6fy6jm9r 9 месяцев назад

My regards, brother! Is it possible to recover some photos that I had sent via messenger on a Facebook account that I deleted at the beginning of the year. The person I sent them to was automatically deleted from their inbox when my account was deleted?

@jordanyoung1836 Год назад

How is it going?

@RealCyberCrime Год назад

I work as a blue teamer at my job, but love seeing on the other side of the fence. You will not evade my defenses >:)

@HackerSploit Год назад

I can try :)

@16saalkanigga Год назад

**Video idea** Show some offensive example of chatgpt How pentester can use it? How will it affect cybersecurity field? Will ai take cybersecurity job in near future?