Okay, so you’ve landed in a constrained language PowerShell on a remote box, and the local application security policy is stopping you from using all the regular stuff (e.g. netcat, opening network connections, etc)… but you need to exfil a medium amount of binary data.  How would you do that?

The following isn’t perfect, but it’s the solution I used recently… feel free to share better solutions! 🙂

Continue reading “Quick Hit: Base64 PowerShell Exfiltration” →