I am currently the #1 ranked payload contributor on hak5. With this I often have people asking me how they can get started making their own payloads. In response to that I have made this 20+ video series on different powershell functions I have written to build my payloads with. Functions ranging from changing your targets wallpaper, hiding text in an image, uploading exfiltrated data up to Dropbox, and even bypassing the UAC prompt to open an admin level powershell console to gain extra functionality.
By using powershell as my main attack vector I am utilizing a technique called “Living off the Land”. The purpose of living off the land is two-fold. By using such features and tools, attackers are hoping to blend into the victim’s network and hide their activity in a sea of legitimate processes. Secondly, even if malicious activity involving these tools is detected, it is much harder to attribute attacks. If everyone is using similar tools, it’s more difficult to distinguish one group from another.
With this said please feel free to mix and match these functions as you see fit to develop your own payloads. In each of these videos I break down each of the functions to make sure you understand the fundamentals of how they work. I do this with hopes that you will understand them enough to be able to modify them and add even more functionality to the payloads you develop. Enjoy.