Attacking PowerShell Clixml Deserialization
(truesec.com)
In this article, we will learn that using PowerShell’s CLIXML deserialization could lead to undesired effects, including remote code execution. We will also see that widely used solutions, like PowerShell Remoting and PowerShell Direct (Hyper-V), rely on such deserialization and could make you vulnerable to this kind of attack.
How to Break Out of Hyper-V and Compromise Your Admins
(truesec.com)
In this blog post we will explain novel attack scenarios that affect the widely used protocols PowerShell Remoting and PowerShell Direct. Are you using PowerShell Remoting to manage your environment? Are you using PowerShell Direct to manage virtual machines in your hypervisor platform? Then you need to read this and take action to ensure you are not affected.