"No Powershell" aka "PowerLess Shell" Explained | Executing Powershell Scripts with MSBhild.exe

Hello, Powershell shell is a technique to execute powershell scripts without calling powershell.exe. Threat actors & Red Teamers use MSBuild.exe utility to achieve this. =================== Important Links : =================== TryHackMe Room - Living Off the Land : https://tryhackme.com/room/livingofftheland Living Off the Land Binaries And Scripts (LOLBAS) Project: https://lolbas-project.github.io/ GTFOBins - The Linux version of the LOLBAS project : https://gtfobins.github.io/ "Astaroth" Banking Trojan - Uses LOLBAS : https://www.armor.com/resources/threat-intelligence/astaroth-banking-trojan/ Microsoft Discovers Fileless Malware Campaign Dropping Astaroth Info Stealer : https://www.trendmicro.com/vinfo/de/security/news/cybercrime-and-digital-threats/microsoft-discovers-fileless-malware-campaign-dropping-astaroth-info-stealer Astaroth malware hides command servers in YouTube channel descriptions : https://www.zdnet.com/article/astaroth-malware-hides-command-servers-in-youtube-channel-descriptions/ ============= Time Frame ============= 00:00 Need for PowerLess Shell 01:20 Executing Powershell scripts using MSBuild.exe (in the absence of powershell.exe) 18:12 Outro =========================== Stay Connected with Me On =========================== Website : https://perumaljegan.com LinkedIn : https://www.linkedin.com/in/perumal-jeganatharavi-a890121b2/ Twitter : https://twitter.com/realperumalj #PowerLessShell #MSBuild.exe #RedTeaming