Isolated to Constrained Language Mode - Living within the Confines

Constrained Language Mode is a PowerShell language mode that is very restrictive. It is rare to see in the wild outside of a test environment, and is scarcely seen actually deployed. However, this is a language mode that should be analyzed both by blue teams and red teams. Blue can leverage constrained language mode to help lock down systems within their environment. Red should analyze constrained language mode restrictions to identify the limitations of their existing toolset, and look for opportunities to build new ones. This talk will cover what constrained language mode is, what works, and what doesn’t compared with the tools you are likely used to using. I’ll talk about building out tools in constrained language mode, the frustrations, and tips to make it easier. I’ll also cover existing tools for operating within a constrained language mode environment, and add a new update to WMImplant based on my approach to building out constrained language mode capabilities. Christopher Truncer (Red Team lead at FortyNorth Security) Christopher Truncer (@ChrisTruncer) is a co-founder and red team lead with FortyNorth Security. He is a co-founder and current developer of the Veil-Framework, a project aimed to bridge the gap between advanced red team and penetration testing toolsets. Chris began developing toolsets that are not only designed for the offensive community, but can enhance the defensive community's ability to defend their network as well.