Home

Awesome

BlackHat Briefings 2017 BlackHat Arsenal 2016 License PowerShell Twitter

PowerMemory

Exploit the credentials present in files and memory

PowerMemory levers Microsoft signed binaries to hack Microsoft operating systems.

What's New?

The method is totally new. It proves that it can be extremely easy to get credentials or any other information from Windows memory without needing to code in C-type languages. In addition, with this method we can modify the user land and kernel land behavior without being caught by antivirus or new defending techniques.

It can actually be done with 4GL language-type or with a script language like PowerShell which is installed everywhere.

With that being said, this technique implies that the detection is made hard due to the fact that we can do pretty much what we want by sending and receiving bytes.

User land attacks

User land deatures:

Advanced shellcode writings

Hypervisor attacks

Kernel land attacks

Real world – weaponization