RedShell – How to truly weaponize PowerShell

Freewater’s new proprietary course, RedShell, is designed to demonstrate the use of Windows PowerShell as a 100% offensive tool. To quote harmj0y, PowerShell is simply “Microsoft’s handy post-exploitation language” and there is no better way to put it. Designed as the answer to all things Microsoft scripting, it becomes, like any administrative interface, a dream for an offensive operator when used with a bit of creativity. Microsoft has created a language that is extremely easy to learn (even borrowing or improving on some of the best features of other scripting languages) and that exposes all of the APIs within ANY version of Windows.

RedShell focuses on two main facts:

  1. Windows security suffers from a weak underbelly by relying on the “normal” user interface.
  2. PowerShell allows an operator to avoid detection by not introducing any foreign processes, allowing well-written code to avoid modern (and even future predicted) methods of detection.

Topics covered in RedShell:

  • Full AD enumeration with any low privilege account
  • The ability to write to disk and call scripts without triggering antivirus
  • Utilizing common web sites as the control channel for Command and Control
  • Returning the response of a command via a GET request (not POST)
  • The ability to rewrite every aspect of a covert channel
  • Persistence from any trigger
  • Blending in with behavioral analytics
  • Using 3rd party APIs of Web Applications as a communication channel
  • Implementing mass commands
  • Maintaining invisibility without requiring an encrypted channel
  • Establishing a framework for offensive activity

RedShell is designed as a weapon that transcends the commercial use of Penetration Testing. It belongs in the hands of National Security and is therefore not offered to personnel outside of DoD, DHS and Law Enforcement.

EC-Council’s new Certified Network Defender (CND) Course and Certification

Certified Network Defender (CND) is a vendor-neutral, hands-on, instructor-led comprehensive network security certification training program. It is a skills-based, lab intensive program based on a job-task analysis and cybersecurity education framework presented by the National Initiative of Cybersecurity Education (NICE). The course has also been mapped to global job roles and responsibilities and the Department of Defense (DoD) job roles for system/network administrators. The course is designed and developed after extensive market research and surveys.

The program prepares network administrators in network security technologies and operations to attain Defense-in-Depth network security preparedness. It covers the protect, detect and respond approach to network security. The course contains hands-on labs based on major network security tools and techniques, which will give network administrators real-world expertise in current network security technologies and operations.


Computer Hacking Forensic Investigator Certification (NEW version 9)

EC-Council’s CHFI certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.



On March 29th, 2012, posted in: Blog by