A Call for Collaboration

If you didn’t make it to Wild West Hackin Fest 2018, be sure to bookmark their page, www.wildwesthackinfest.com, for 2019 tickets. This event was loaded with elite talent, high-level training, quality speakers, and plenty of shenanigans. Notably, the keynote was given by Ed Skoudis, whose presentation titled “The Top Ten Reasons it’s GREAT to…

Copying Files via WMI and PowerShell

WMI (Windows Management Instrumentation) is a service that has been installed and enabled by default since Windows 2000. It gives administrators the ability to perform a large number of actions on systems they control, including system monitoring, starting or stopping processes, managing system services, file operations, and more. This is the first of a series…

Mass PowerShell and WMImplant

When developing WMImplant, I wanted to ensure I would have some of the same capabilities on a Device Guard (now Windows Defender Application Control) protected system as I would on a non-protected system when utilizing Beacon or Meterpreter. WMImplant is a stepping stone for creating the same capabilities, but it also presented some of its own engineering problems…