Windows Red Team Persistence Techniques | Persistence With PowerShell Empire

  • Published on Oct 15, 2024
  • In this video, I will be exploring the various Windows Red Team persistence techniques that can be used to maintain persistent access to Windows targets with PowerShell Empire.
    Empire is a post-exploitation framework that supports various operating systems (OS). Windows is purely implemented in PowerShell _(without `powershell.exe`!)_, and Linux/macOS is done in Python 3. Feature-rich with various options to bypass various protections _(and allows for easy modification for custom evasion)_, Empire is often a favorite for Command and Control (C2) activity.
    Writeup: hackersploit.o...
    -----------------------------------------------------------------------------------
    LINKS:
    Register for part 2 (FREE!): event.on24.com...
    Get $100 in free Linode credit: login.linode.c...
    MITRE ATT&CK Framework: attack.mitre.org/
    TOOLS:
    PowerShell Empire: www.kali.org/b...

Comments • 45

  • @korovamilkplus (1 year ago)

    I'm glad I took this course and learned the basics of PowerShell-Empire/Starkiller, which I barely knew before (it's briefly mentioned in PTSv2).
    However, after many attempts and many hours "lost," I can say that today Windows Defender can block almost everything.
    In addition to the aforementioned powershell/privesc/bypass, which only works with Windows Defender disabled (and even requires user input LOL), persistence techniques are also easily blocked.
    Both registry method and scheduled task method at Windows reboot do not reconnect to the Listener, and a quick look at the Windows Defender history shows that they are blocked easily.
    In practice, the only thing that still works is Invoke-Obfuscation! :,)
    Anyway, as always, thank you Alexis for using your time to share your knowledge with everyone for free.
    See you soon!

  • @rudrasalaria3431 (2 years ago) +1

    You are a great teacher. Seriously. Your skills are amazing. I am your fan. Lots of love from India. 🇮🇳

  • @Chris-zc9bp (1 year ago)

    I did learn some from this. But none of the persistence techniques seem to work on Win 10 anymore. Spent all day trying.

  • @rayane2290 (2 years ago)

    It's inefficient I find that hackers can't send the infectious.xls with defender windows enabled. I guess there is some code to disable windows defender or make the infectious files stealth?

  • @djmeezymeez940 (2 years ago) +1

    Another one from hackersploit 🔥🔥🔥

  • @mohammed-jb5ic (2 years ago)

    Hackersploit Back again with another video😍

    • @rayane2290 (2 years ago)

      for you guys

  • @mohadioum3314 (2 years ago)

    yayyyyyy Fav Teacher back again with another video ( hackersploit voice )

  • @javiercherin (2 years ago) +1

    Hey guys, I have a question: I need to protect Windows in passive mode against Linux CD USB, is there a way I can do that? 🤔 Because I tried with BIOS UEFI Secure Boot, but he just takes off the BIOS battery, resets the password, disables Secure Boot...
    Total encryption is not admissible actually because of the difficulty of reaching access in case we need to recover something, so I am looking for something at a Windows file system level? I need to block him from replacing Magnify with cmd... Ty in advance.

    • @maddinmanek8679 (2 years ago) +1

      Probably protecting physical access?

    • @javiercherin (2 years ago)

      @@maddinmanek8679 ty, yes I guess I will need some kind of key lock physically.
      Would be nice to be at the top of the food chain by blocking access in a binary way and show muscle 💪🏻 😁 hope I can do something at a binary level like encrypt just the Windows folder, that would be nice 🙂

    • @kastakastakasta2933 (2 years ago) +1

      th-cam.com/video/K3t6Jf3vuPw/w-d-xo.html

  • @rahulramteke3338 (2 years ago) +1

    Good stuff
    Keep up the good work

  • @8080VB (2 years ago)

    Useful, also it's better to take a snapshot before trying.

  • @honorvirtue2904 (2 years ago) +1

    Perfect as always 😎

  • @marlymutos1000 (2 years ago)

    Thanks for the knowledge

  • @chandraprakashpandian (2 years ago) +1

    💥💥💥

  • @shadowintel_ (2 years ago)

    As always great video keep it doing 😊

    • @kastakastakasta2933 (2 years ago)

      Check this one out th-cam.com/video/K3t6Jf3vuPw/w-d-xo.html

  • @Sh3lld0n (2 years ago)

    Hello sir! Can I download your videos from link in the web site?

  • @exploitnerd5049 (2 years ago)

    Love it

  • @fafnirgolga2394 (2 years ago)

    Most commenters of this channel should take a complete Linux basic course to stop asking basic questions....

  • @50_Pence (2 years ago)

    Anyone else have problems getting PE to work on the last few builds of kali?

  • @youdontknowme-b9u (2 years ago)

    Every time when I use *Metasploit* with my *Windows 10* _command prompt._ it shows me an *error* like this:
    *Unable to load the EventMachine C extension; To use the pure-ruby reactor, require 'em/pure_ruby'*

    • @disrael2101 (2 years ago) +1

      Missing packages to run it

    • @youdontknowme-b9u (2 years ago)

      @@disrael2101 What should I do?

    • @itzzbayzz (2 years ago)

      @@youdontknowme-b9u why not just run it in linux?

    • @youdontknowme-b9u (2 years ago)

      @@itzzbayzz Today I installed Kali Linux in VirtualBox. Now it is working fine. Thanks.

    • @youdontknowme-b9u (2 years ago)

      *_Thanks to everyone who helped_*

  • @ramnikTDM (2 years ago)

    💀😈

  • @sanskar894 (2 years ago) +1

    First💀

  • @ayyamguari6134 (2 years ago)

    Please add English subtitles to your videos sir

    • @sandeepr7141 (2 years ago)

      Why? His accent is understandable

    • @Hoax711 (2 years ago)

      @@sandeepr7141 I don’t think it is the man’s English that is the problem but some people need the subtitles to better understand what is being said (regardless of if the speaker “has an accent”)