Description: In this session, you'll gain insight into how PowerShell cmdlets work behind the scenes, enabling you to find hidden capabilities even in built-in cmdlets. Developers will learn how to create their own cmdlets, and security engineers will better understand PowerShell-based attacks. We'll explore well-known cmdlets and how to overcome built-in limitations. The demo-based session includes an intro to the Win32 API, monitoring the API calls made by built-in cmdlets, analyzing API calls in source code, and abstracting Win32 API functions with PSReflect to customize built-in cmdlets.
What you will learn:
- Uncovering hidden capabilities in built-in cmdlets
- Using PSReflect to abstract Win32 API functions
- Bypassing limitations of PowerShell cmdlets