Kim will walk us through a collection of PowerShell delivery (RAM, not disk) techniques for a common reverse shellcode.
The common payload takes the user supplied shellcode and overwrites the first 0x1000 bytes of the calling instance of PowerShell, creates a thread to execute within the virtual address space of the calling PowerShell instance and starts it.
All delivery and persistence techniques ensure AV bypass of shellcode.
Kim has dissected and will explain how the virus and payload works.
We will look at delivery mediums (virus):
Bring your pentesting devices if you want to do this workshop style, and we can do hands on.