PowerShell Downgrade Attack using Unicorn

Dave Kennedy released a tool called Unicorn that is awesome. It uses a PowerShell downgrade attack and injects shellcode straight into memory: the generated one-liner relaunches itself under the 32-bit PowerShell in SysWOW64 when it lands on a 64-bit host (that is the "downgrade", so the x86 shellcode can run), then allocates executable memory, copies the shellcode in and starts a thread on it, so nothing ever touches disk. It is based on Matthew Graeber's PowerShell attacks and the PowerShell bypass techniques presented by Dave Kennedy and Josh Kelly at DEF CON 18. It supports Metasploit, Cobalt Strike and your own shellcode. Again, it's awesome.

So, let's check out a simple PowerShell example: a reverse shell back to a multi/handler using windows/shell/reverse_tcp:

Post Exploitation: SILENTTRINITY

Not too long ago, byt3bl33d3r released a tool called SILENTTRINITY. Essentially, it's an asynchronous post-exploitation agent powered by Python, IronPython, C# and .NET's DLR. Think of it as another PowerShell Empire or Meterpreter. It's awesome.

Below I'll go through a quick example of installing it and running the most basic agent. I will update this as I mess with ST more, but for now let's just cover the basics. Let's begin.