Presented at CarolinaCon 11 (2015)
March 20, 2015, 7 p.m.
Devastating breaches caused by sophisticated attackers have become a significant existential threat to many organizations. Companies must move beyond simple penetration testing to effectively emulate advanced threat actors and provide a realistic picture of how breaches may occur. Increased assessment sophistication calls for the development of new capabilities. PowerShell, with its deep integration to the Windows API and the .Net framework, is the ideal platform for building a new generation of offensive toolsets. In this talk we will cover how our project, Veil's PowerTools, can provide pen testers and red teamers capabilities to emulate advanced threats. From automating Windows privilege escalation (PowerUp), to advanced situational awareness (PowerView), to the execution of Mimikatz on a huge number of systems for massive lateral spread (PewPewPew), PowerTools can help push down advanced tradecraft to all types of engagements.