Beau Bullock

Pwning the Enterprise with PowerShell

The last few years have seen a dramatic increase in the number of PowerShell-based penetration testing tools. A benefit of tools written in PowerShell is that it is installed by default on every Windows system. This allows us as attackers to “”live off the land””. It also has built-in functionality to run in memory bypassing most security products.

I will walk through various methodologies I use surrounding popular PowerShell tools. Details on attacking an organization remotely, establishing command and control, and escalating privileges within an environment all with PowerShell will be discussed. You say you’ve blocked PowerShell? Techniques for running PowerShell in locked down environments that block PowerShell will be highlighted as well.


Beau is a Senior Security Analyst at Black Hills Information Security and has held positions in the financial and health industries. He has experience with all aspects of enterprise network security including penetration testing, and vulnerability analysis. Beau is the developer of the PowerShell tool MailSniper, a Hack Naked TV host, and frequent speaker at industry events. @dafthack on Twitter