DEF CON 23 – Rich Kelley – Harness: Powershell Weaponization Made Easy
The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool give operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into the capabilities of the Harness toolset which includes a fully interactive powershell CLI, and remote importing of modules across the wire without staging. We’ll conclude with taking a look at the underlying code that makes the toolset work, and briefly discuss planned features. The Harness toolset will be released open source in conjunction with this talk.
Rich Kelley (@RGKelley5) is a security researcher and the co-founder of Gray Tier Technologies, a small InfoSec start-up based out of Alexandria, VA. After his time in the military he held positions as a network engineer, software engineer, and penetration tester for various government agencies. He recently moved into exploit development and reverse engineering, and is pretty sure he knows less than when he started.