I am pleased to announce that the BrowserGather project now supports the extraction of Chrome cookie data. In the first part of the BrowserGather project, I used binary regular expressions in PowerShell to extract Chrome credentials in a novel, fileless manner. In this blog post, I will discuss how I was able to apply this technique to extract Chrome cookie data, and the issues that arose during development. Check out my GitHub for the updated code.
I am pleased to introduce the first module for my latest project, BrowserGather. BrowserGather is an entirely fileless web browser information gathering tool for red teamers, written in PowerShell to compliment tools such as Empire and PowerSploit. The Get-ChromeCreds module allows for the extraction of Chrome credentials without the need to write to disk, making it much stealthier than previous techniques.
In my previous post, I demonstrated how it was possible to execute custom C# code via the creation of a custom CLR stored procedure on a target SQL Server, entirely in memory. In this post I will provide and discuss a working command execution PowerShell script for this technique and possible ways to mitigate it.