powershell

Labs powershell

15 Ways to Bypass the PowerShell Execution Policy

December 16, 2022

By default, PowerShell is configured to prevent the execution of PowerShell scripts on Windows systems. In this blog I’ll cover 15 ways to bypass the PowerShell execution policy without having local administrator rights on the system.

Learn More

Azure Azure Pen Testing Azure Virtual Machines Cloud Security Cloud Shell powershell

Attacking Azure with Custom Script Extensions

February 13, 2020

NetSPI's Jake Karnes explains two paths you can take to execute commands on Azure VMs from the Azure Portal and Cloud Shell.

Learn More

Automation Accounts Azure Cloud Security Persistence powershell

Maintaining Azure Persistence via Automation Accounts

September 12, 2019

How do you maintain a privileged persistence in Azure? Learn how to use Automation Accounts to create a webhook backdoor to give you a way back in.

Learn More

Automation Accounts Azure Cloud Cloud Security Key Vaults MicroBurst powershell

Using Azure Automation Accounts to Access Key Vaults

March 20, 2019

Have contributor access to a subscription, but no vault access? This post covers accessing Key Vault Keys via privileged Automation Accounts.

Learn More

Automation Accounts Azure Cloud Cloud Security MicroBurst powershell

Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence

February 27, 2019

Logging in with RunAs certificates is a great way for maintaining access in an Azure environment during a penetration test. See how we export the PFX files.

Learn More

adidns powershell Privilege Escalation Red Team Spoofing

ADIDNS Revisited – WPAD, GQBL, and More

December 5, 2018

This post will mainly cover some additional techniques on both the offensive and defensive fronts for exploiting Active Directory-Integrated DNS (ADIDNS).

Learn More

Azure Cloud Cloud Security pen testing powershell

Running PowerShell on Azure VMs at Scale

November 6, 2018

Getting PowerShell scripts to run on Azure VMs can be a bit of a pain. Using the AzureRM cmdlets, NetSPI shows you how to get quickly your scripts running.

Learn More

Azure Cloud powershell subdomains

Anonymously Enumerating Azure Services

October 2, 2018

Microsoft makes use of a number of different domains/subdomains for each of their Azure services. NetSPI has a tool to help enumerate Azure hosted services.

Learn More

password cracking Pentesting powershell Red Team smb smb relay

Inveigh – What's New in Version 1.4

September 25, 2018

New Inveigh release! This blog details all the new features.

Learn More

Automated tools Azure cleartext passwords Cloud Cloud Security passwords powershell scripting

Get-AzurePasswords: A Tool for Dumping Credentials from Azure Subscriptions

August 28, 2018

Get-AzurePasswords.ps1 is a PowerShell script for automating the credential gathering process for Microsoft Azure subscriptions.

Learn More

Azure Cloud Cloud Security Pentesting powershell

Anonymously Enumerating Azure File Resources

July 17, 2018

Much like publicly exposed S3 buckets, Microsoft's Azure platform can suffer from similar data exposure issues via its Blob file storage service.

Learn More

adidns powershell Privilege Escalation Spoofing

Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS

July 10, 2018

Exploiting weaknesses in name resolution protocols is a common technique for performing man-in-the-middle (MITM) attacks. This blog dives into two particularly vulnerable name resolution protocols: Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBNS).

Learn More