The capacity of calling the API of Windows (system DLLs) and programming to the lowest level thanks to the C# code compilation on the flight make PowerShell a tool able to search memory patterns, capture keystrokes, load DLLs reflectively, etc. Frameworks such as Empire or Nishang, provide the pentester with a toolkit that can be used on a day to day basis in the development of security audits and penetration tests. The use of PowerShell scripts in order to develop pentesting tasks in Windows environments has spread in recent years. Besides, advantages and disadvantages of each of the procedures are also included. Please, find in this post a detailed explanation of all the procedures explored during the development of the keystroke interception function of the keylogger software. And given the specific condition of the scenario, the best resulting option was programming a small script in PowerShell in order to save and exfiltrate keystrokes. The creation of a keylogger in PowerShell during the development of a Tarlogic Red Team exercise was necessary.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |