PowerShell and RickyBobby in the WikiLeaks leak (Vault 7: CIA Hacking Tools Revealed)

About RickyBobby v4.x.x (S) RickyBobby 4.x is developed by IOC/EDG/AED/Operational Support Branch (OSB) as a lightweight implant for target computers running newer versions of Microsoft Windows and Windows Server. The RickyBobby implant enables COG operators to upload and download files and execute commands and executables on the target computer without detection as malicious software by…

Windows processes

Windows Post Exploitation Cmdlets Execution (PowerShell)

Presence This section focuses on information gathering about the victim host and the network that it’s attached to.

System

WMI

Networking

Users

Configs

Finding important files

Files to pull

Remote system access

Software

AutoStart directories

Persistence This section focuses on gaining a foothold to regain,…

1. Introduction to PowerShell for system administrators

Introduction PowerShell is a task-based command-line shell and scripting technology that gives information technology (IT) administrators comprehensive control and the ability to automate system administration tasks. PowerShell is built on the Common Language Runtime (CLR) and the .NET Framework. Console To run the line…

Creates and starts a scheduled job

 

Windows PowerShell aliases