COMMSEC: Exploitation with Shell Reverse and Infection with PowerShell

The purpose of this presentation was to run a series of efficiency and detection tests in our lab environment, which is protected by a CrowdStrike endpoint solution. This document presents the results of a defensive security analysis carried out with an offensive mindset: reverse shell techniques were used to gain access to the victim machine, after which a VBS malware sample was delivered to infect it, using PowerShell scripts to fetch and invoke the sample within our environment.

Regarding the tests performed, the first objective was to simulate targeted attacks with a Python script in order to obtain an overall view of the solution's resilience, specifically the efficiency of its detection by signatures, NGAV and machine learning. Running this script, the idea was to use the reverse shell technique to gain access to the victim machine. After executing this attack, the second objective consisted of running a PowerShell script that downloads a malicious VBS file onto the victim machine and executes it; the sample itself was obtained from MalwareBazaar through an API request.

With the final product, the team responsible for the product will have an instrument capable of guiding a process of mitigation and/or correction, as well as prioritised improvement, based on the criticality of the risks.

COMMSEC TRACK
Location: Track 4 / CommSec
Date: May 27, 2021
Time: 7:00 pm - 7:45 pm
Speaker: Filipi Pires