PowerShell is a scripting language included with all modern Windows operating systems, which, among other features, provides access to the Win32 API and the capability to run scripts on remote servers without writing to disk. PowerShell scripts bypass application white listing, application-signing requirements, and generally bypass anti-virus as well.
While all of these characteristics are very desirable to a penetration tester, rewriting penetration test tools in PowerShell would be time consuming. Instead, I will show how to combine PowerShell and assembly to reflectively load existing EXE’s and DLL’s without writing to disk, triggering anti-virus, or triggering application whitelisting. I’ll finish with several demonstrations of the Invoke-ReflectivePEInjection script in action.