Quick Notes

10 Sep 2016

Powersploit – AV Evasion

On my pentest engagements, I primarily use PowerShell (PS) & PS-based exploitation tools & frameworks like CME, Empire, Powersploit, Nishang, Veil, etc., along with Metasploit & other tools. This short writeup is one of the AV evasion scenarios. Posting here for reference.

Read more

25 Dec 2011

[Quick notes] Metasploit payload types

To start with, a vulnerability is a weakness in the target system that creates a security risk, in that it can be exploited.

An exploit is a way, a piece of code, to trigger and take advantage of a vulnerability.
A payload is the actual component in the attack that 'does' things for an attacker.

Therefore, a payload must have at least 2 components in it:

1. Communications capability - sets up a communication channel for the attacker
2. Functionality - defines which actions an attacker can perform
 
Metasploit provides 2 types of payloads:

Read more