PowerShell add-on security modules

Script Kiddies 4.0

Article from ADMIN 47/2018

By Thomas Wiefel

Numerous PowerShell add-on modules provide security and attack functions for penetration tests and forensic analyses, to help admins search for vulnerabilities in their networks.

Penetration tests try to find and legally exploit weaknesses in a system's security, so admins can manage their computer systems more securely. Security problems can be identified by using an automated tool, a manual method, or a combination of the two. In this environment, PowerShell can deliver excellent results with its modules for penetration testing and exploits.

Some PowerShell extensions expand the command set or provide more secure alternatives for standard procedures, such as SSH as an alternative to Windows Remote Management (WinRM) remote maintenance. Even malware scanners are implemented as PowerShell components.

Testing Windows Systems

The PowerShell PowerSploit [1] module, developed for penetration testers and reverse engineers, is used for penetration tests and as a vulnerability scanner. PowerShell is the ideal post-exploitation utility for Windows because of its ability to perform a wide range of administrative and low-level tasks without leaving traces on the hard drive. PowerShell scripts run completely in memory and are remote-enabled. The module supports IT managers in the following tasks:

Code execution: Execution of low-level code and code injection.
Script modification: Modifying or preparing scripts for execution on a compromised machine.
Reverse engineering with appropriate tools.
Filtering: Access to sensitive data from a compromised machine.
Chaos: Destructive instructions.
Recon: Support in the reconnaissance phase of a penetration test.

Local installation with install modules might activate your virus scanner, so you should unblock any ZIP files you download from the GitHub repository; otherwise loading additional modules fails (Figure 1).

...

Use Express-Checkout link below to read the full article (PDF).