If you have been wondering why many PowerShell based shells haven’t been working, you can thank Windows’ AMSI. If you still need to use PowerShell based shells, check out the latest version of Trusted Sec’s Magic Unicorn tool.
According to Microsoft, the Antimalware Scan Interface (AMSI) is an interface that “provides enhanced malware protection for users and their data, applications, and workloads”. A newer piece to the Anti-Virus bypass cat and mouse game. Just as there is with regular anti-virus, there has been an almost constant battle between AMSI and utilities to bypass its ability to catch and block PowerShell based remote shells.
The TrustedSec team has been very active in updating their “Magic Unicorn” PowerShell tool to evade AV and AMSI, and this is evident in their latest Unicorn update.
Installation and using Magic Unicorn is very simple in Kali Linux:
When you run Magic Unicorn, you are given a complete set of usage examples. More information is available on the GitHub site, so I am not going to discuss tool usage. Though generated payloads can be found in the /unicorn directory.
The big question, does it work?
That would be a yes:
Best defenses against attacks like this is to be very leery
of e-mail attachments & suspicious links. Protect physical access to your
computers. Disable or remove old PowerShell versions. Enable PowerShell monitoring. Install all
Windows & AV updates. Run a good network security program. Also, a good
Network Security Monitoring system is always helpful in case the worse happens.
Check out the Magic Unicorn Github site for more information.
Want a chance to get a signed copy of my latest Kali Linux book? I am giving away a total of 10 signed copies of “Basic Security Testing with Kali Linux, 3rd Edition”!
Simply follow, like and share this article, or my official Twitter or Instagram announcement, for a chance to win a signed copy of my new book!
10 lucky winners will be randomly selected on October 31st.
The Contest is for those living in the United States only. I may do another one for international readers in the future.
Liking this article & sharing the Official Contest announcements on Twitter and Instagram will increase your chances of winning. Winners will be notified on October 31st. If a winner cannot be notified or does not respond by the end of the first week of November, another winner will be picked.
My newest book, a cover to cover update of my Basic Kali book is now available! After numerous requests for an update, the new “Basic Security Testing with Kali Linux, 3rd Edition” is here!
What was intended to be a quick version change update, turned into a 6-month overhaul. It is amazing how much can change in the security world in 2 years. All chapters have been revamped, with a lot of new material added. The latest book is also 50 pages longer than the previous version!
The entire book was updated to Kali Linux 2018
All tools & tutorials updated
Obsolete tools removed
Many new tools added
Password Cracking section expanded
Kali on RPi chapter totally revamped
Kali NetHunter chapter added
Table of Contents List:
I was going to use Metasploitable3 for the Windows target in this book, but with the install complexity (and install issues) of Ms3, I decided to stay with Windows 7. I also occasionally use Windows 10 as a test target and Server 2016 is mentioned a few times as well. I will most likely use Ms3 for the upcoming advanced book. Metasploitable2 is still used for some of the Linux tutorials, as it is very easy for new users to use and follow.
The Basic Kali book is used by Universities, Training Centers, and in Ethical Hacking classes worldwide. It is also used as a training aid for multiple US Government Agencies. I have also been told numerous times that my Kali series is excellent prep material for the OSCP certification. The book is now in its third revision, with major changes made from user feedback and requests.
I have been completely shocked and humbled by the popularity of a book that was originally written as an extension of my blog posts and has evolved into a worldwide basic training guide for the exceptional Kali Linux ethical hacking platform. This continuing project would have never been possible without the flood of support and feedback from the infosec community. I am very excited to present this new version to the community and look forward to hearing your feedback and comments.