[Quick Notes] Powersploit - AV Evasion On my pentest engagements, I primarily use Powershell (PS) & PS based exploitation tools & frameworks like CME, Empire, Powersploit, Nishang, Veil, etc, along with Metasploit & other tools. This short writeup is one of the AV evasion scenarios. Posting here for reference.
To start with, a vulnerability is a weakness in the target system which creates a security risk - that it can be exploited.
An exploit is a way, a piece of code that can trigger & take advantage of a vulnerability.
A payload is the actual component in the attack which 'do' things for an attacker.
Therefore, a payload must have at least 2 components in it:
1. Communications capability - set up communication channel for the attacker
2. Functionality - defines what all actions an attacker can perform
Metasploit provides 2 types of payloads: