1
00:00:06,310 --> 00:00:07,770
- [Instructor] Earlier in this course,

2
00:00:07,770 --> 00:00:10,350
you learned how to maintain persistence

3
00:00:10,350 --> 00:00:12,830
on a compromised system after exploitation.

4
00:00:12,830 --> 00:00:15,250
You learned about tools like Netcat

5
00:00:15,250 --> 00:00:17,610
that can be used to create bind shells

6
00:00:17,610 --> 00:00:21,590
or reverse TCP shells on a victim's system

7
00:00:21,590 --> 00:00:24,150
or from a victim's system to actually connect to you

8
00:00:24,150 --> 00:00:26,370
or to a command and control system.

9
00:00:26,370 --> 00:00:29,000
You also learned that you can actually use

10
00:00:29,000 --> 00:00:30,870
remote access protocols to communicate

11
00:00:30,870 --> 00:00:34,590
to a compromised system and perform lateral movement.

12
00:00:34,590 --> 00:00:36,900
These protocols include the things like

13
00:00:36,900 --> 00:00:40,620
the Microsoft Remote Desktop Protocol or RDP,

14
00:00:40,620 --> 00:00:43,360
Apple Remote Desktop, VNC,

15
00:00:43,360 --> 00:00:45,520
and X server forwarding.

16
00:00:45,520 --> 00:00:48,900
You also learned that you can use PowerShell

17
00:00:48,900 --> 00:00:51,900
to get things like directory listings,

18
00:00:51,900 --> 00:00:55,530
copy and move files, get a list of running processes

19
00:00:55,530 --> 00:00:59,440
and perform many, many different administrative tasks

20
00:00:59,440 --> 00:01:01,070
that can actually help you

21
00:01:01,070 --> 00:01:04,200
as "an attacker" or as a pentester

22
00:01:04,200 --> 00:01:07,550
to further compromise a system.

23
00:01:07,550 --> 00:01:11,820
Now, PowerSploit is a collection of PowerShell modules

24
00:01:11,820 --> 00:01:14,270
that can be used for post-exploitation

25
00:01:14,270 --> 00:01:18,710
and other phases of the penetration testing assessment.

26
00:01:18,710 --> 00:01:23,190
PowerSploit can be downloaded from the GitHub repository

27
00:01:23,190 --> 00:01:24,790
that I'm sharing in this screen.