Pester.bat
Used as part of the PowerShell Pester module
Paths:
- c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat
- c:\Program Files\WindowsPowerShell\Modules\Pester\*\bin\Pester.bat
Resources:
https://twitter.com/Oddvarmoe/status/993383596244258816
Acknowledgement:
Emin Atac - @p0w3rsh3ll
Detection:
Execute
Execute code using Pester. The third parameter can be anything. The fourth is the payload. The example here executes notepad.
Pester.bat [/help|?|-?|/?] "$null; notepad"
Usecase: Proxy execution
Privileges required: User
OS: Windows 10
Mitre: T1216
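
The Detection field above is empty. As an added example (not part of the original entry or of the Pester project), the following Python check flags process-creation command lines where Pester.bat is given one of the help switches listed above and a further argument containing a `;` statement separator. The record layout, field names and sample command lines are constructed for illustration.

```python
import re
from typing import Optional

# Pester.bat as a path component or bare name; folder and version vary (see Paths).
PESTER_BAT = re.compile(r"""(?:^|[\\/\s"'])pester\.bat(?=$|[\s"'])""", re.IGNORECASE)
# The help switches listed on the page: /help, ?, -?, /?
HELP_SWITCH = re.compile(r"""(?:^|\s)["']?(?:/help|[-/]?\?)["']?(?=\s|$)""", re.IGNORECASE)


def injected_argument(command_line: str) -> Optional[str]:
    """Return the text after a Pester.bat help switch if it carries a second
    statement (';'), which is the shape of the command on the page; else None."""
    bat = PESTER_BAT.search(command_line)
    if bat is None:
        return None
    after_bat = command_line[bat.end():]
    switch = HELP_SWITCH.search(after_bat)
    if switch is None:
        return None
    trailing = after_bat[switch.end():].strip()
    return trailing if ";" in trailing else None


def scan(events):
    """Return (host, trailing_argument) for every record that matches."""
    return [(e["host"], hit) for e in events
            if (hit := injected_argument(e["command_line"])) is not None]


# Constructed sample records; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"host": "ws01", "command_line":
        r'"c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat" /help "$null; notepad"'},
    {"host": "ws02", "command_line": r'cmd.exe /c Pester.bat -? "$null; notepad"'},
    {"host": "ws03", "command_line": r"Pester.bat /help"},
    {"host": "ws04", "command_line": r"Pester.bat"},
    {"host": "ws05", "command_line": r"notepad.exe C:\notes\pester.bat.txt"},
]

if __name__ == "__main__":
    for host, arg in scan(SAMPLE_EVENTS):
        print(f"{host}: Pester.bat help switch followed by {arg}")
```

A plain help request (ws03) and a bare invocation (ws04) are not flagged; only the combination of help switch and trailing statement is.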