So, let's check out a simple PowerShell example that is a reverse shell back to a multi/handler using windows/shell/reverse_tcp:
Powershell Downgrade Attack using Unicorn
Dave Kennedy released a tool called Unicorn that is awesome. It is a tool that uses a powershell downgrade attack and injects shellcode straight into memory. It's based on Matthew Graeber's powershell attacks and the powershell bypass techniques presented by Dave Kennedy and Josh Kelly back at Defcon 18. It supports Metasploit, cobalt strike and your own shellcode. Again, it's awesome.
So, let's check out a simple PowerShell example that is a reverse shell back to a multi/handler using windows/shell/reverse_tcp:
So, let's check out a simple PowerShell example that is a reverse shell back to a multi/handler using windows/shell/reverse_tcp: