Analyzing PowerShell Payloads Part 7

Episode 7: Extracting the tactical intel from a PowerShell-based Covenant payload.

"Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for red teamers. Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration"

Covenant Repo:

DnSpy Repo:

Write assembly data to file
#$test = (gv o).Value.ToArray()

Retrieve the properties of the assembly code
#$Assembly = [Reflection.Assembly]::Load((gv o).Value.ToArray())
#$Assembly | fl *
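
The two steps above combined into one triage helper, as an added example that is not from the video or the Covenant project: it checks the buffer for a PE header, writes it to disk for dnSpy, hashes it, and reads the assembly identity from the file without loading it into the session. The function name Export-StagedAssembly and the output file name are hypothetical, the variable o is assumed to be a MemoryStream, and a benign assembly from the local machine stands in for the payload bytes.

```powershell
# Constructed stand-in for the payload's variable 'o' (assumption: a MemoryStream).
# The bytes come from a benign assembly already on this machine, not from a sample.
$benign = [IO.File]::ReadAllBytes([object].Assembly.Location)
$o = [IO.MemoryStream]::new([byte[]]$benign)

function Export-StagedAssembly {
    param(
        [Parameter(Mandatory)] [byte[]] $Bytes,
        [Parameter(Mandatory)] [string] $Path   # full path, so .NET and PowerShell agree on location
    )

    # A .NET assembly is a PE file, so the buffer must start with 'MZ' (0x4D 0x5A).
    if ($Bytes.Length -lt 2 -or $Bytes[0] -ne 0x4D -or $Bytes[1] -ne 0x5A) {
        throw 'Buffer does not start with an MZ header; not a PE file.'
    }

    # Write the raw bytes so the file can be opened in dnSpy.
    [IO.File]::WriteAllBytes($Path, $Bytes)

    # GetAssemblyName opens the file and reads its manifest only;
    # the assembly is not added to the current session.
    $name = [Reflection.AssemblyName]::GetAssemblyName($Path)

    [pscustomobject]@{
        Path    = $Path
        Size    = $Bytes.Length
        SHA256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        Name    = $name.Name
        Version = $name.Version
    }
}

# Same extraction expression as in the description: (gv o).Value.ToArray()
$out = Join-Path ([IO.Path]::GetTempPath()) 'staged_assembly.bin'
Export-StagedAssembly -Bytes ((Get-Variable o).Value.ToArray()) -Path $out | Format-List *
```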

Sample Link:

--

John Dwyer
--

Disclaimer: Samples shown in the video were pulled from open source intel locations and we don't recommend accessing the associated IPs or domains.