Powerglot encodes several kinds of scripts using polyglots, for example, offensive PowerShell scripts. It is not needed a loader to run the payload. In red-team exercises or offensive tasks, masking of payloads is usually done by using steganography, especially to avoid network-level protection, being one of the most common payloads scripts developed in Powershell. Recent malware and APTs make use of some of these capabilities: APT32, APT37, Ursnif, Powload, LightNeuron/Turla, Platinum APT, Waterbug/Turla, Lokibot, The dukes (operation Ghost), Titanium, etc. Powerglot is a multifunctional and multi-platform attack and defense tool based on polyglots. Powerglot allows masking a script (PowerShell, shell scripting, PHP, ...) mainly in a digital image, although other file formats are in progress. Unlike the usual offensive tools or malware, Powerglot does not need any loader to execute the "information hidden", minimizing the noise on the target system. PowerGlot has a clear utility in offensive tasks but it....
Read the rest of this story with a free account.
Already have an account? Sign in
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
- BlogAugust 29, 2022Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- BlogAugust 25, 2022Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky