DaveyBoy Posted January 9, 2018 Posted January 9, 2018 In order to provide a PoC that non-administrative access still can result in huge data breaches I present to you The Hidden PP Attack A one liner PoSh command that can be executed from a Teensy/Rubber Ducky which leaves the machine open to injections of PoSh code remotely. Quite happy with this project so I thought id drop it here. Ive lurked remotely without an account for some time without contributing, so... here you are https://simpleinfosec.com/2018/01/09/the-hidden-pp-attack-a-non-administrative-remote-shell-for-data-exfiltration/ https://github.com/secsi/HIDdenPPAttack Quote
i8igmac Posted January 9, 2018 Posted January 9, 2018 (edited) What if jim carry finds it. Lol... I llike what you did here. using the tools and services already available To the current user to perform automated tasks. I agree that user level remote access still can be dangerous. Edited January 9, 2018 by i8igmac Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.