Command and Control with PoshC2

by Jeff Stein

PoshC2 is a powerful tool that uses PowerShell to control a victim system, furthering red teaming objectives beyond exploitation for the remaining life of an engagement. In this course, you will learn Command and Control using PoshC2.

What you'll learn

On the Windows OS, PowerShell can offer effective control of a system. This course will give you the skills and understanding to harness PowerShell to further your red teaming objectives toward command and control of a victim system. In this course, Command and Control with PoshC2, you’ll cover how to utilize PoshC2 to execute privilege escalation in a red team environment. First, you’ll demonstrate ways to gain system access and evade detection using the PoshC2 implant. Next, you’ll apply the built-in PoshC2 modules to send commands to enumerate the victim system. Finally, you’ll simulate the harvesting of credentials to escalate privilege with PowerShell. When you’re finished with this course, you’ll have the skills and knowledge to execute the following techniques using PoshC2: Application Layer Protocol: Web Protocols (T1071.001), Account Discovery: Local Account (T1087.001), and Remote Access Software (T1219).

Course FAQ

What will I learn in this course?

With this course you will learn how to use PoshC2 to remotely control compromised hosts, perform a wide range of post‑exploitation activities, and move laterally through a target network.

What is Windows PowerShell used for?

Windows PowerShell is a Microsoft framework for automating tasks using a command-line shell and an associated scripting language. When it was released in 2006, this powerful tool essentially replaced Command Prompt as the default way to automate batch processes and create customized system management tools.

What is meant by victim system?

It is malware that infects files and spreads when the file executes or is executed by another program. Like all hostile code, the effects range from benign to the destruction of data and resources.

What are some features of PoshC2?

PoshC2 has highly configurable payloads, including default beacon times, jitter, kill dates, user agents and more. It also has auto-generated Apache Rewrite rules for use in a C2 proxy, protecting your C2 infrastructure and maintaining good operational security, among many other features.

What is red teaming?

The purpose of conducting a red teaming assessment is to demonstrate how real-world attackers can combine seemingly unrelated exploits to achieve their goal. It is an effective way to show that even the most sophisticated firewall in the world means very little if an attacker can walk out of the data center with an unencrypted hard drive.

About the author

Jeff Stein is an Information Security Architect focused on topics covering Governance, Application, Cloud, Network, Data and Physical security with an eye towards building robust security programs. In addition to security he has a background in Systems Engineering and Administration. Jeff has written on various security topics for industry publications and has worked in both the tech and fintech space. His background in IT also includes employment with the U.S. House of Representatives and the U...
