September 2018
Intermediate to advanced
480 pages
9h 45m
English
Content preview from Hands-On Red Team Tactics
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Why use MSHTA as the dropper payload?
One of the coolest reasons of using MSHTA for payload delivery is its support for scripting languages, such as VBScript and JScript, and as it's explained in the introductory part of this tool, Koadic does not uses PowerShell for post-exploitation. PowerShell was a really great playground for attackers and red-teamers for years and like every good playground, there comes a time when it gets too messy. Nowadays, even if you encode the PowerShell command into base64 or any other encoder, the payload delivery still gets detected by so-called AntiVirus with Machine Learning and Artificial Intelligence. The reason for this is that instead of trying to detect the payload command or the shellcode embedded in ...