Elevator Pitch
Gotta love those one-liners! We all use Bash everywhere for everything, yet sysadmins & hackers rarely realize the potential of PowerShell as a quick’n’dirty “hacking tool” (open sourced on Mac/Linux/Windows). Join this fun session with lots of technical hands-on demos!
Description
Inspired by a side-talk with a fellow hacker at a recent conference, we both agreed that “one-liners are a hacker’s/SysAdmin’s best friend”, yet many in the InfoSec community don’t know how cool PowerShell can be for the average Bash scripter - with short, powerful one-liners that can do pretty much anything, AND return objects at the end of every action! The world runs on code. InfoSec runs code. Yet InfoSec does not have much time. So we use one-liners like pros!
Yep, we all use Bash everywhere for everything, yet sysadmins & hackers rarely realize the real potential of PowerShell as a quick’n’dirty “hacking tool” (open sourced on Mac/Linux/Windows). It has evolved greatly in the last decade to become the tool of choice for Windows post-exploitation for many, yet for sysadmins it is also a dream of functionality and, well, ‘Power’. Indeed, with great power(shell) comes great responsibility.
Join this fun session with highly technical hands-on demos, covering attacks, defending, forensics, malicious vectors, cryptography and other security & management related hacks! Scanning the entire internet, running fileless in memory without touching disk, running PowerShell without PowerShell and more. We will wrap up with some yummy “dessert”, including our research on bypassing all PowerShell defenses (transcription, event logging, AMSI etc.) in creative ways, with no-fix :)
Notes
Speaking at DeepSec Vienna 2023, Hacktivity ’23, DevOpsDays Vilnius ’23, BSides Krakow ’23, x33fcon ’23, Craft 2023 closing keynote, NullCon 2023, HackCon 2023, SEC-T 2022, Reversim 2022 keynote, SecurityFest 2022, Hack In Paris 2022, SecurityWeekly, Colombia 4.0 keynote, Brazil’s national Cyber Security conference, BSides TLV (2019, 2020, 2021), OSDF Con 2021, MTB/MGB (Microsoft), Israel’s national directorate geo-cyber event(s) in Tel Aviv, TED / TEDx and more.
Research on Windows shell defenses bypass & PowerShell bypass (invisi-shell) published on GitHub. Another open source research project and tool for detecting Golden Tickets & Pass-The-Hash in Microsoft domain environments (agentless, real time), also published on GitHub (GOLDFINGER).
A. SEC-T 2022 - ‘When SysAdmin & Hacker Unite’ - https://www.youtube.com/watch?v=4iAM76n1b5o
B. The ‘Microsoft Mainframe’ - talk @ SecurityFest 2022 - https://youtu.be/dVf90-T9lcI?t=735
C. “Forensic artifacts that make you go hmmm…” - talk @ BSidesTLV 2021 - https://www.youtube.com/watch?v=60Y07kdcIcw
D. ‘Powershell as a hacking tool’ @ BSides TLV 2019 - https://www.youtube.com/watch?v=Bg_Iy6gpq30
E. The H@כker mindset - Information Security Reality Vs. Myths - Talk @ Brazil’s government/public sector conference - https://www.youtube.com/watch?v=NQllXfX7nNs&t=4753s
F. ... and my music :) - https://www.youtube.com/watch?v=d8MAmmIBJng (Public speaking is not the only stage I feel comfortable on...)