Thanks to one of Dave Kennedy’s talks for making me aware of this tool for obfuscating PowerShell code. As PowerShell is used more and more in attacks the higher the likelihood there is for defenders to attempt to detect malicious commands or look for specific strings. To evade these detection techniques we can try to encode our commands to make them much harder to detect.
I’ll use the previous Bash Bunny Payload as an example with this tool.
Continue reading “Obfuscating PowerShell Commands using Invoke-Obfuscation”
This will be a quick demo on how easy it is to capture stored WiFi credentials on Windows using the Bash Bunny and WiPassDump payload.
Continue reading “Bash Bunny – Get Cleartext WiFi Creds From Windows Using WiPassDump”
After spinning up the VM I’m met with this logon prompt:
I then run “netdiscover -r 192.168.111.0/24” to find the IP assigned by the host adapter via DHCP:
Continue reading “Mr. Robot:1 – Vulnhub Writeup”
While at Defcon last week I picked up a Bash Bunny from the Hak5 booth. I managed to run into both Darren + Shannon also this year and it was cool finally meeting them both in person!
Continue reading “Bash Bunny!”