Command and Control with PoshC2

PoshC2 is a powerful tool that uses PowerShell to control a victim system toward furthering red teaming objectives beyond exploitation throughout the remaining life of an engagement. In this course, you will learn Command and Control using PoshC2.
Course info
Level
Intermediate
Updated
Oct 15, 2020
Duration
27m
Table of contents
Description
Course info
Level
Intermediate
Updated
Oct 15, 2020
Duration
27m
Description

On the Windows OS, PowerShell can offer effective control of a system, this course will give you the skills and understanding to harness PowerShell to further your red teaming objectives towards command and control of a victim system. In this course, Command and Control with PoshC2 you’ll cover how to utilize PoshC2 to execute privilege escalation in a red team environment. First, you’ll demonstrate ways to gain system access and evade detection using the PoshC2 implant. Next, you’ll apply the built-in PoshC2 modules to send commands to enumerate the victim system. Finally, you’ll simulate the harvesting of credentials to escalate privilege with PowerShell. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques Application Layer Protocol: Web Protocols-T1071.001, Account Discovery: Local Account- T1087.001 & Remote Access Software-T1219 using PoshC2.

About the author
About the author

Jeff Stein is an Information Security Architect. He holds a master’s degree in Information Security & Assurance and numerous security and IT certifications, including his CISSP.

More from the author
Initial Access with King Phisher
Intermediate
28m
Oct 14, 2020
Credential Access with Cain & Abel
Intermediate
25m
Jul 28, 2020
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and the cybersecurity tools course featuring PoshC2, the proxy‑aware command and control framework created by Nettitude. The PoshC2 tooling offers a C2 framework for red team members who are looking to gain remote control of hosts for the purpose of performing post exploitation and lateral movement during attack engagement. The tooling consists of both a C2 server, which listens for connections from implants on exploited hosts and provides the log for task output, along with an Implant Handler, which is used to run commands on a system with an implant loaded on it. Additionally, PoshC2 is built using a modular format to enable users to utilize open source scripts or even to add their own modules and tools. If you would like to learn how to use PoshC2 to remotely control compromised hosts, perform a wide range of post‑exploitation activities, and move laterally through a target network, come join me and explore the extensibility and flexibility of PoshC2.