Command and Control with PoshC2

PoshC2 is a powerful tool that uses PowerShell to control a victim system toward furthering red teaming objectives beyond exploitation throughout the remaining life of an engagement. In this course, you will learn Command and Control using PoshC2.
Course info
Level
Intermediate
Updated
Oct 15, 2020
Duration
27m
Table of contents
Description
Course info
Level
Intermediate
Updated
Oct 15, 2020
Duration
27m
Your 10-day individual free trial includes:

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.
Description

On the Windows OS, PowerShell can offer effective control of a system, this course will give you the skills and understanding to harness PowerShell to further your red teaming objectives towards command and control of a victim system. In this course, Command and Control with PoshC2 you’ll cover how to utilize PoshC2 to execute privilege escalation in a red team environment. First, you’ll demonstrate ways to gain system access and evade detection using the PoshC2 implant. Next, you’ll apply the built-in PoshC2 modules to send commands to enumerate the victim system. Finally, you’ll simulate the harvesting of credentials to escalate privilege with PowerShell. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques Application Layer Protocol: Web Protocols-T1071.001, Account Discovery: Local Account- T1087.001 & Remote Access Software-T1219 using PoshC2.

Course FAQ
Course FAQ
What will I learn in this course?

With this course you will learn how to use PoshC2 to remotely control compromised hosts, perform a wide range of post‑exploitation activities, and move laterally through a target network.

What is Windows PowerShell used for?

Windows PowerShell is a Microsoft framework for automating tasks using a command-line shell and an associated scripting language. When it was released in 2006, this powerful tool essentially replaced Command Prompt as the default way to automate batch processes and create customized system management tools.

What is meant by victim system?

It is Malware that infects files and spreads when the file executes or is executed by another program. Like all hostile code the effects range from benign to the destruction of data and resources

What are some features of PoshC2?

PoshC2 has highly configurable payloads, including default beacon times, jitter, kill dates, user agents and more. It also has auto-generated Apache Rewrite rules for use in C2 proxy, protecting your C2 infrastructure and maintaining good operational security, among many other features.

What is red teaming?

The purpose of conducting a red teaming assessment is to demonstrate how real world attackers can combine seemingly unrelated exploits to achieve their goal. It is an effective way to show that even the most sophisticated firewall in the world means very little if an attacker can walk out of the data center with an unencrypted hard drive.

About the author
About the author

Jeff Stein is an Information Security Architect. He holds a master’s degree in Information Security & Assurance and numerous security and IT certifications, including his CISSP.

More from the author
Initial Access with King Phisher
Intermediate
28m
Oct 14, 2020
Credential Access with Cain & Abel
Intermediate
25m
Jul 28, 2020
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and the cybersecurity tools course featuring PoshC2, the proxy‑aware command and control framework created by Nettitude. The PoshC2 tooling offers a C2 framework for red team members who are looking to gain remote control of hosts for the purpose of performing post exploitation and lateral movement during attack engagement. The tooling consists of both a C2 server, which listens for connections from implants on exploited hosts and provides the log for task output, along with an Implant Handler, which is used to run commands on a system with an implant loaded on it. Additionally, PoshC2 is built using a modular format to enable users to utilize open source scripts or even to add their own modules and tools. If you would like to learn how to use PoshC2 to remotely control compromised hosts, perform a wide range of post‑exploitation activities, and move laterally through a target network, come join me and explore the extensibility and flexibility of PoshC2.