PowerMemory is a PowerShell post-exploitation tool. Because it drives only Microsoft-signed binaries, it can still execute on a machine after Device Guard policies have been applied, and for the same reason it evades antivirus detection. PowerMemory can retrieve credential information and manipulate memory: it executes shellcode and modifies processes in memory, in user land and, acting as a rootkit, in kernel land. It reaches every address in user land and kernel land through the trusted Microsoft debugger, cdb.exe, which is digitally signed.
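The core trick above, driving the signed Microsoft debugger from PowerShell so that the script never touches ReadProcessMemory or WriteProcessMemory itself, as an added example that is not PowerMemory's own code. Where the real tool attaches to lsass.exe and parses credential structures, this example attaches to a throwaway notepad.exe, reads its module list and PEB, writes into a scratch page, and then shows the hunting check a defender would run. The cdb.exe path is the default Windows 10 SDK location and is an assumption; the command-line regex in Find-AttachedDebuggers and the parsing of .dvalloc output are this example's own.

```powershell
# Added example (not PowerMemory's own code): read and patch another process's
# memory purely through the Microsoft-signed debugger cdb.exe, then hunt for
# attached debuggers. Assumptions: Debugging Tools for Windows is installed at
# the default Windows 10 SDK path below (change $Cdb if not) and the script
# runs elevated so the debugger is allowed to attach.
$Cdb = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe'

function Invoke-CdbCommand {
    # Runs debugger commands non-interactively against a live process.
    # -p attaches by PID, -c supplies the command string, and 'qd' quits and
    # detaches (a plain 'q' would terminate the debuggee). All memory access
    # is performed by the signed debugger, which is the whole point.
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [Parameter(Mandatory)][string]$Command
    )
    (& $Cdb -p $ProcessId -c "$Command; qd" 2>&1 | ForEach-Object { "$_" }) -join "`n"
}

function Find-AttachedDebuggers {
    # Hunting counterpart: list running signed debuggers and, when they were
    # started with '-p <pid>', the process they are attached to. A cdb.exe
    # attached to lsass.exe on a workstation deserves an immediate look.
    Get-CimInstance Win32_Process -Filter "Name='cdb.exe' OR Name='windbg.exe' OR Name='kd.exe'" |
        ForEach-Object {
            $m = [regex]::Match([string]$_.CommandLine, '-p\s+(\d+)')
            $targetName = $null
            if ($m.Success) {
                $targetName = (Get-Process -Id ([int]$m.Groups[1].Value) -ErrorAction SilentlyContinue).ProcessName
            }
            [pscustomobject]@{
                Debugger    = $_.Name
                DebuggerPid = $_.ProcessId
                Target      = $targetName
                CommandLine = $_.CommandLine
            }
        }
}

# 1. Confirm the binary is the genuine Microsoft-signed debugger.
$sig = Get-AuthenticodeSignature -FilePath $Cdb
'{0}: {1}, signer {2}' -f $Cdb, $sig.Status, $sig.SignerCertificate.Subject

# 2. Use a throwaway notepad as the target instead of lsass.exe.
$target = Start-Process -FilePath notepad.exe -PassThru
Start-Sleep -Seconds 2

# Module list: locating DLLs (lsasrv.dll and wdigest.dll in the lsass case)
# is the first step of any credential-dumping routine.
Invoke-CdbCommand -ProcessId $target.Id -Command 'lm'

# Raw read: eight DWORDs at the Process Environment Block via the $peb
# pseudo-register, which needs no symbols.
Invoke-CdbCommand -ProcessId $target.Id -Command 'dd @$peb L8'

# Raw write: allocate a scratch page inside the target (.dvalloc), write an
# ASCII string into it (ea) and read it back (da). A fresh page keeps notepad
# intact; the same e* commands patch code or data anywhere in the process.
$alloc = Invoke-CdbCommand -ProcessId $target.Id -Command '.dvalloc 0x1000'
$m = [regex]::Match($alloc, 'starting at ([0-9a-fA-F`]+)')
if ($m.Success) {
    $addr = $m.Groups[1].Value -replace '`', ''   # drop the 64-bit address separator
    Invoke-CdbCommand -ProcessId $target.Id -Command ('ea 0x{0} "written by cdb"; da 0x{0}' -f $addr)
} else {
    Write-Warning ".dvalloc output not recognised:`n$alloc"
}

# 3. Defender view: leave a cdb attached in the background, then hunt for it.
$bg = Start-Process -FilePath $Cdb -ArgumentList "-p $($target.Id)" -PassThru -WindowStyle Hidden
Start-Sleep -Seconds 2
Find-AttachedDebuggers | Format-Table -AutoSize

# Killing an attached debugger also kills its debuggee by default.
Stop-Process -Id $bg.Id -Force
Stop-Process -Id $target.Id -Force -ErrorAction SilentlyContinue
```

Two practical notes. The attach works against any process the caller can open, so the identical commands run against lsass.exe once you are SYSTEM, which is why the debugger rather than the script is the artifact to watch for: Microsoft's recommended WDAC block rules list cdb.exe (with windbg.exe and kd.exe) precisely because a signed debugger otherwise walks straight past a code-integrity policy. And always end a scripted -p session with qd rather than q, or the debugger will take the target process down with it.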
Pierre-Alexandre Braeken is an accomplished and highly experienced security architect with over 12 years of experience in engineering and system architecture. Having acquired the MCSE, MCSA and MCITP certifications, he has focused specifically on security, specializing in the implementation of large projects for businesses that rely on Microsoft infrastructure and alternative platforms. He is a Microsoft Certified Solutions Expert in server infrastructure. He has an excellent command and understanding of information security, security architecture and secure application development, as well as strong analytical skills pertaining to enterprise situations, risk and contingency plans. Most recently, Mr. Braeken worked for Industrial Alliance as a technology architect, where he was chiefly responsible for security project architecture. He has a proven track record of combining his technological aptitude with strong business acumen to ensure the right insight is delivered to the client and to provide accurate solutions that meet the client's needs. In his native Belgium, Mr. Braeken held engineering jobs of increasing responsibility and seniority. He worked as a corporate engineer for D'Ieteren (Belgium) and as a systems engineer expert for Cogen, where he was responsible for corporate IT infrastructure management and network design optimization and provided his expertise across a variety of areas, including Active Directory Federation Services, MS SQL clusters and PowerShell development. He does unique Windows security research and speaks on it at international conferences (Hackfest 2015, Quebec, Canada; Infosecurity Europe, London, UK).