Using C# for post-PowerShell attacks

guest · Sep 23, 2018

Using C# for post-PowerShell attacks
September 17, 2018
https://www.forcepoint.com/blog/security-labs/using-c-post-powershell-attacks

C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks.

Recently, C# has received some attention in the security community since it shares the same underlying technology (i.e. the .NET runtime) with PowerShell but is missing many security features that PowerShell has.

A recent example of C# being used for offensive purposes is the PowerShell/C# ‘combo attack’ noted by Xavier Mertens earlier this month [...] A blog post by Forty North Security built on Matt Graber’s research into Microsoft.Workflow.Compiler.exe and demonstrated that you can use the technique to run shellcode on a machine. [...]

All of that said, given recent trends it seems likely that we’ll start to see an increased number of attacks that utilize C# – or combinations of C# and PowerShell such as that featured in Xavier Mertens’ SANS blog – in the coming months.
Click to expand...

itman · Sep 23, 2018

Hum ……… Don't why this is suddenly capturing the pen testers interest. I thought this fact was well known:

Powershell is a wonderful tool and is able to dynamically compile C# code.
Click to expand...

https://isc.sans.edu/forums/diary/Malicious PowerShell Compiling C Code on the Fly/24072/

Log in or Sign up

Using C# for post-PowerShell attacks

guest Guest

itman Registered Member

Log in or Sign up

Using C# for post-PowerShell attacks

guest Guest

itman Registered Member

Useful Searches