---
Name: Pester.bat
Description: Used as part of the Powershell pester
Author: 'Oddvar Moe'
Created: '2018-05-25'
Commands:
  - Command:  Pester.bat [/help|?|-?|/?] "$null; notepad"
    Description: Execute code using Pester. The third parameter can be anything. The fourth is the payload. Example here executes notepad
    Usecase: Proxy execution
    Category: Execute
    Privileges: User
    MitreID: T1216
    MitreLink: https://attack.mitre.org/wiki/Technique/T1216
    OperatingSystem: Windows 10
Full Path:
  - Path: c:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\bin\Pester.bat
  - Path: c:\Program Files\WindowsPowerShell\Modules\Pester\*\bin\Pester.bat
Code Sample: 
  - Code:
Detection:
  - IOC:
Resources:
  - Link: https://twitter.com/Oddvarmoe/status/993383596244258816
Acknowledgement:
  - Person: Emin Atac
    Handle: '@p0w3rsh3ll'
---