Exfiltration with Powershell-RAT

Focused View

Uzair Ansari

20:30

112 View

Exercise Files

exfiltration-powershell-rat.zip

Module 1 - Course Overview

1. Course Overview.mp4

01:16

Module 2 - Exfiltration with Powershell RAT

1. Module Introduction.mp4

01:07

2. Overview of PowerShell-RAT.mp4

03:04

3. Download and Extract the Tool.mp4

01:45

4. Overview of Scripts Used in the Tool.mp4

05:05

5. Configure Allow Less Secure Apps Setting in Gmail.mp4

01:03

6. Executing PowerShell-RAT Tool.mp4

04:58

7. Module Summary.mp4

01:17

Module 3 - Resources

1. Resources.mp4

00:55

Description

In this course, you will learn exfiltration over alternative protocol: exfiltration over unencrypted/obfuscated non-C2 protocol using Powershell RAT.

What You'll Learn?

PowerShell is an important subject of which to have a working knowledge. In this course, Exfiltration with Powershell-RAT, you’ll cover how to utilize Powershell-RAT tool to execute [backdoor attack] in a red team environment. First, you’ll go through some of the scripts that perform specific task that enables you to perform the attack. Next, you’ll apply necessary configurations to facilitate transmission of user activity screenshots as an email attachment that will be sent to the attacker. Finally, you’ll simulate the attack by executing the python script. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques • T1113 - Screen Capture • T1053.005 - Scheduled Task/Job: Scheduled Task • T1020 - Automated Exfiltration • T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol using Powershell RAT.

More importantly, knowing how these techniques can be used against you, will ultimately lend to your ability as an organization, or an individual, to detect and defend against specific attack vectors.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Network Engineering

PowerShell

Uzair Ansari

Instructor's Courses

With over eight years of rich experience in IT, Uzair Ansari has been a noteworthy professional in the Windows identity and automation area. He's currently working as a DevOps engineer. You may know him from his tech blog work at powershellstore.com, but he can also be credited with his contributions on Microsoft TechNet script center. He holds a Bachelors degree in Information Technology. During his professional tenure he has worked on technologies like Windows Powershell, Windows Active Directory, public key infrastructure and Windows Server. He likes to learn and share his knowledge with others.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.