Windows Red Team Exploitation Techniques | Luckystrike & PowerShell Empire

Подписаться 931 тыс.

Просмотров 52 тыс.

50% 1

In this video, I will be exploring the various Windows Red Team exploitation techniques that can be used for initial access. I will be demonstrating the process of creating a malicious macro document for phishing and how to set up a C2 (Command and Control) server with PowerShell Empire & Starkiller.
Empire is a post-exploitation framework, that supports various Operating Systems (OS). Windows is purely implemented in PowerShell _(without `powershell.exe`!)_, and Linux/macOS is done in Python 3. Feature-rich with various options to bypass various protections _(and allows for easy modification for custom evasion), Empire is often a favorite for Command and Control (C2) activity.
Luckystrike is a PowerShell-based utility for the creation of malicious Office macro documents. To be used for pen-testing or educational purposes only.
-----------------------------------------------------------------------------------
LINKS:
Register for part 2 (FREE!): event.on24.com/wcc/r/3464946/...
Get $100 in free Linode credit: login.linode.com/signup?promo...
MITRE ATT&CK Framework: attack.mitre.org/
TOOLS:
Luckystrike: github.com/curi0usJack/luckys...
PowerShell Empire: www.kali.org/blog/empire-star...
-----------------------------------------------------------------------------------
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
-----------------------------------------------------------------------------------
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
-----------------------------------------------------------------------------------
CYBERTALK PODCAST ►► open.spotify.com/show/6j0RhRi...
-----------------------------------------------------------------------------------
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
-----------------------------------------------------------------------------------
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#RedTeam#CyberSecurity

Наука

Опубликовано:

30 окт 2021

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 80

@Child0ne 2 года назад

Dam man you are killing it lately with the content. Good job, thank you

@F.M671 2 года назад

I love your content man. Straight to the point, practical ,KISS , Will definitely become a better pentester w your channel.

@mahimabhati 2 года назад

Great content pls continue I haven't seen anyone is doing this much for community Thank you

@desigamer346 2 года назад

Sir great work 👍 in free of cost we are very grateful to have you 🙏

@shidypix8726 2 года назад

No words alive that I can use to thank you and the effort you put in just to deliver this bowl of gold for us ..... Thanks alot God Bless You we appreciate

@EnlightTheHack 2 года назад

The starting music gives me goosebump And the level of content is insane Thankyou Alexis Love from India

@code.islife493 2 года назад

Tldr; windows defender > powershell empire. When Windows defender comes through, it's crushing everything in this video. Great intro video, but kids, exploitation is soooooo much harder than it looks! This road takes dedication.

@The_One_0_0 2 года назад

Lol

@carl76848 2 года назад

Awesome bro just keep posting this series 💯

@juul216 2 года назад

Nice insight in how a c2 works thanks

@rudrasalaria3431 2 года назад

You're really good. Your videos are always insane. Thank U Sir. Lots of Love from India. 🇮🇳

@rajadityashrivastava7396 Год назад

Rudra can you please tell me how can I extract hashes of desired file in Linux mint or kali ??

@mohadioum3314 2 года назад

Sir I swear to god you're the best keep it good and thank you

@stillunknown5785 2 года назад

❤️ Thanks Man keep making Great content

@russianbear3343 2 года назад

Good work done. congrats!!!

@michaeltrokkoudes3831 2 года назад

Great content!!! Thank you!

@mhasisetuobelho2086 2 года назад

awesome and super informative tnx keep the good work going \

@robinsaifullah6692 2 года назад

gr8 content man..thank you so much

@hannahprobably5765 2 года назад

Alexis ur the man, huge thanks

@danishbutt6975 2 года назад

Best forever 😘

@justjuicecompany2152 2 года назад

Love the content. How do you get your kali terminal prompt like that?

@0xdamian816 2 года назад

This is good content.

@awdwadawda352 2 года назад

Thank you so much for your content and FREE! Do you have a patreon or something?

@init_6415 2 года назад

Yah he does have patreon, look at the video description

@korovamilkplus Год назад

Another fantastic video for this wonderful course! Unfortunately I can't get the payload path into LuckyStrike, despite the fact that I have tried both writing it in lower case and changing the payload position. Anyway, thank you very much Alexis! Ps: does anyone know an alternative to LuckyStrike for Linux?

@8080VB 2 года назад

True GEM !

@DArkZpiNer 2 года назад

Where's the encode Shikata ga nai video? Good video!!

@bloodgracet5640 2 года назад

Hackersploit: could you make a video in the future about using Cobalt Strike in the red teaming environment? Ive noticed a lack of cobalt strike videos, when from what Ive seen C.S. is a very powerful tool for penetration testing?

@lulztigre Год назад

it's expensive so generally not many people can afford it

@bloodgracet5640 Год назад

@@lulztigre yes I know thanks

@Ashishkumar-mw1gj 2 года назад

Buddy all courses available

@mrri8403 2 года назад

Hello sir I tried the methods for creating the malicious macros using lucky strike but they keep getting flagged by av, I even bought commercial software to obfuscate the macros but same result . is it the fact that I’m using meterpreter as my payload?

@avihaichuk Год назад

For some reason starkiller is not build/cant be install on kali linux.. there is any idea for that?

@xsTaoo Год назад

me too

@fuadmonsoon 2 года назад

Hello, do you teach this in Ethical Hacking training on your website?

@ishitadubey6334 2 года назад

How are you able to access local server of Kali VM on Windows VM? Please specify the network setting of both the VMs as I am unable to open Kali local server on Windows. I am using the command python -m SimpleHTTPServer 8080 on Kali VM.

@IgniteMotiverse 2 года назад

Hai, how to download these videos?

@systemnetworkh2442 Год назад

but hackers need to disable windows defender... so this exploitation doesn t still work ?

@user-js1gj5yw2x 7 месяцев назад

i will be happy if you do the phishing tutorial and put on your website

@ghostprime5736 4 месяца назад

which version of office is compatible

@chiranjeevinaidu3660 2 года назад

Hello hackersploit I wanted to ask uf ther is a detailed book on this topic Thank you Morpheuslord

@piplupsingh5993 5 месяцев назад

The url for part 2 is not working

@lulztigre Год назад

whats the difference between Http listener and TCP?

@systemnetworkh2442 Год назад

english is not my mother tongue , I also understood that we can utilise that on other OS than windows ?

@mrniko1340 2 года назад

i love u u so good

@deveshsaini3139 2 года назад

First view here......

@rayane2290 2 года назад

Mm si va faloir stop d rvz . Bien k hack pr soc ktaim bien russ par ex ?

@xsTaoo Год назад

The “starkiller” cannot be opened, and the system prompts that “powershell-empire” has been installed, what should I do ε(┬┬﹏┬┬)3

@Umairmalik-kf3dh 2 года назад

Sir can u please how we can smooth kali linux working like your kali

@abidv.0.1 2 года назад

hahaha still talking about performance

@rayane2290 2 года назад

Cnfince en tw pr dns 3 an hacker pr lcompte de ...

@theg4925 2 года назад

Sir, can i ask, how can i study cybersecurity and go for a job without college degree??

@theg4925 2 года назад

@hackR Sir i beg to differ, my question's context was to ask for a roadmap if any for pursuing cyber security without college to upto Employer's level

@theg4925 2 года назад

@hackR Sir, it seems you are indeed involved in exquisite way in this field. Would u mind, answering me a few queries when u have time at ur convenience over fb or any other thing u like?? btw i'm interested in Network hacking,i find it very intimidating and rewarding at the same time

@rahulramteke3338 2 года назад

4:16 youtube sucks Good content tho

@wickhere7996 2 года назад

So you are just covering OSCP am i right? ;)

@poonambisht2697 2 года назад

His voice is just🥵

@HackerSploit 2 года назад

Is that a good thing?

@poonambisht2697 2 года назад

@@HackerSploit yes .... It feels like a Top FBI agent or a boss of some Hackers group of Russia 😝🤩

@kingsmonarch4591 2 года назад

Sorry to say sir You got that right in a amazing way but this isn't working in real life because windows defender is disabled 😤😤😤

@yasaswigrandhi5043 2 года назад

The part2 link will be available for long time?

@Lohitjethwani 2 года назад

20th view :)

@rayane2290 Год назад

it means that the target has to disable his anti virus lol ????

@rayane2290 Год назад

uppp

@know_my_name 2 года назад

Windows disliked this ;))

@rayane2290 2 года назад

tpass jms à l action m a dit

@debdwaipayankarmakar9560 2 года назад

Miss the face cam

@ghostprime5736 4 месяца назад

@rayane2290 2 года назад

À amin et keep dans ce SEUL truk pr pa decu ke 2 h cam no surtt. Pa dans un an. Stop les truks pr rien. Et patienttt patiennnttt dns ce truk bnhm mais keep

@Ganeki-san 2 года назад

Hey, Love your video and I even registered and looked at your part 2 but looks like there is an issue. LuckyStrike doesn't get past AV (Defender). Not for .exes (even non-malicious ones I tested) and not for powershell scripts (also non-malicious and even non-detectable malicious ones like the net cat backdoor you obfsucated in part 2, on its own it works around AV but when put into a macro via LuckyStrike its detected). sense LuckyStrike is apparently dead and doesn't work for macro generation, do you know of a new source that does or any basic VBA scripts that work? (When I saw work I mean can execute even non-malicious exes and powershell scripts).

@HackerSploit 2 года назад

Hello, we will cover AV evasion as we progress.