Powershell Downgrade Attack using Unicorn

Dave Kennedy released a tool called Unicorn that is awesome. It is a tool that uses a powershell downgrade attack and injects shellcode straight into memory. It's based on Matthew Graeber's powershell attacks and the powershell bypass techniques presented by Dave Kennedy and Josh Kelly back at Defcon 18. It supports Metasploit, cobalt strike and your own shellcode. Again, it's awesome.

So, let's check out a simple PowerShell example that is a reverse shell back to a multi/handler using windows/shell/reverse_tcp: