Reverse Engineering

Our reverse engineering work helps identify vulnerabilities, understand threats, and formulate robust defense mechanisms, making it integral to maintaining a secure and resilient digital environment.

Malware Research

Our malware research focuses on dissecting and understanding how malicious software operates. By documenting its behavior and impact, we provide insights that aid in devising effective defensive strategies, contributing to a better understanding of, and a stronger defense against, emerging cyber threats.

Penetration Testing

We offer penetration testing services, identifying vulnerabilities by simulating real-world attacks on your digital infrastructure. Our process uncovers potential threats and provides actionable insights for improved security measures, ensuring robust defense and resilience for your business operations.

Open-Source

Our involvement in open-source focuses on offensive security techniques and tools. We utilize and contribute to community-driven projects. This collaborative approach promotes innovative solutions, ultimately strengthening defense against evolving cyber threats.

  • Option to prevent the server computer from entering sleep mode.
  • Streaming performance increased by using dirty region detection (motion update). Only the parts of the remote desktop that changed are sent to the viewer.
  • Mouse control improved.
  • Keyboard control improved.
  • Code improvement.

2 years, 2 months ago

PowerRunAsAttached is a ported version of RunAsAttached in pure PowerShell.

2 years, 2 months ago

PowerBruteLogon is a ported version of WinBruteLogon in pure PowerShell.

2 years, 2 months ago

  • Application protocol redesigned to be faster, more stable and more modular.
  • Session concurrency now supported. Multiple viewers can connect to the same server at the same time.
  • Possibility to shut down the server using CTRL+C.
  • Streaming quality is now controlled by the viewer.
  • Desktop image size is now requested server-side.
  • Bug fix in virtual desktop alignment.
  • Timeout implemented during protocol negotiation to avoid possible deadlocks.
  • Virtual desktop can now be set on top of other windows.
  • Server supports SecureString for authentication password.

2 years, 2 months ago

  • Deprecated TransportMode option removed.
  • Streaming performance improved.
  • Code improvement, release stability is good enough to mark release as stable.

2 years, 3 months ago

  • Code improvement.
  • Ingress / Egress event support.
  • Bug fix for password generation algorithm.
  • Bug fix for virtual keyboard.
  • Clipboard synchronisation implemented.
  • View-only option added. If used, the remote viewer cannot control the remote server.

2 years, 3 months ago

  • Viewer now supports SecureString to handle the password.
  • Certificate fingerprint validation implemented server-side.
  • Trust a remote server temporarily or permanently (can be revoked).
  • Server-trust management system.

2 years, 3 months ago

  • Possibility to control desktop streaming image quality.
  • Support multiple monitors. You can choose which monitor to stream.

2 years, 3 months ago

  • HDPI is completely supported for both viewer and server.

2 years, 3 months ago

  • Desktop streaming is now sent in raw form rather than base64-encoded, thus increasing streaming performance. Base64 streaming encoding is still available as an option but marked as deprecated.
  • Application protocol revisited.
  • TLS v1.3 now optionally supported.
  • Code improvements.
  • Password complexity is enforced to avoid hosting a dangerous Remote Desktop server.
  • Console verbosity can be disabled.
  • Version synchronisation implemented. The viewer version must match the remote server version and vice versa.

2 years, 3 months ago

Power Remote Desktop is a powerful and easy-to-use remote desktop application that is written entirely in PowerShell. Unlike other remote desktop solutions, it does not rely on any external software or protocols to function, making it quick and easy to install and use. Its primary advantage is its use of PowerShell, which allows for seamless integration with other scripts and tools, as well as its user-friendly interface. Power Remote Desktop is a versatile and reliable solution for anyone needing to access and control remote computers.

2 years, 3 months ago

The tool is a PowerShell module that allows you to load and execute .NET assemblies from memory, transferred over a network connection such as HTTP. It retrieves the .NET assembly located at a URL, loads the assembly into memory and executes it with the given parameters.

This tool is useful for anyone who needs to load and execute .NET assemblies over a network connection, such as during a penetration testing engagement or when working with remote systems. It allows you to easily load and execute assemblies from memory, without the need to save them to disk first.

2 years, 6 months ago

This proof of concept (PoC) project emphasizes the potential risks associated with InnoSetup installers. Such installers should always be regarded with caution: not only can they harbor malware, it is also possible to construct a fully functional piece of malware using their embedded scripting engine.

In this PoC, we delve into the InnoSetup scripting engine (derived from Pascal) to execute a shellcode generated with msfvenom.

2 years, 9 months ago

New code snippet that demonstrates how malware authors create self-deleting applications. The technique relies on injecting code into a remote process, which is tasked with watching for the malware sample's process to end.

3 years, 2 months ago

YASE (Yet Another Sub Encoder) is a Python project created during my OSCE (Offensive Security Certified Expert) preparation to better understand and simplify the process of sub-encoding shellcode in order to escape bad-character restrictions.

3 years, 4 months ago

New code snippet that demonstrates how to automatically detect code caves in Microsoft Windows PE files.

It is then possible to inject a shellcode into the located code cave (optionally encrypted) and redirect the PE file's entry point to the shellcode.

This was a common technique used by old-school viruses to infect other applications and self-replicate.

Available commands:

  • -f / --file : Valid PE file location (Ex: /path/to/calc.exe).
  • -p / --payload : Shellcode payload (Example: "\x01\x02\x03…\x0a").
  • -x / --encrypt : Encrypt the main section (entry point section).
  • -k / --encryption-key : Define a custom encryption key (1 byte only).
  • -c / --cave-opcodes : Define the list of opcodes to search for.
  • -s / --cave-min-size : Minimum size of a region to be considered a code cave.
  • -e / --egg : Define a custom egg name (ESP restore mechanism).

3 years, 5 months ago

New snippet that demonstrates the use of the Windows API functions OutputDebugStringA and OutputDebugStringW to detect the presence of debuggers.

3 years, 7 months ago

New code snippet that demonstrates the use of SuspendThread to detect the presence of debuggers.

3 years, 7 months ago

New code snippet that demonstrates how malware authors detect the presence of debuggers using the Microsoft Windows APIs FindWindowA and FindWindowW.

3 years, 7 months ago