Appearance
PowerShell
Validate PowerShell (latest/PowerShell 7) behaviors under the Secure Sandbox.
Objectives
- Enforce deny-by-default egress and designated proxy routing for PowerShell web clients and raw sockets.
- Verify IPv6 parity, DNS-evasion attempts (DoH), and WebSocket/protocol smuggling are denied.
- Confirm file system isolation for writes (including alternate data streams) and protected host paths.
- Prevent data exfiltration via clipboard.
Preconditions
- Windows target with Turbo Launcher and Secure Sandbox.
- PowerShell 7 available in the sandbox.
Controls Under Test
runtime.networking.egressDefaultActionruntime.networking.proxy.*(designated proxy enforcement, pinning)runtime.files.contextsruntime.dataMotion.rules[]
Test Scenarios
| ID | Canonical ID | Scenario | Procedure | Expected Outcome |
|---|---|---|---|---|
| SCEN-TOOL-POWERSHELL-01 | NET-EGRESS-01 | Direct IP egress | Invoke-WebRequest -TimeoutSec 5 -Uri http://1.1.1.1 | Denied per default deny. Audit: action: deny, protocol: tcp. |
| SCEN-TOOL-POWERSHELL-02 | NET-EGRESS-05 | Unauthorized proxy | $env:HTTPS_PROXY='http://attacker:8080'; Invoke-WebRequest https://example.com (or -Proxy http://attacker:8080) | Denied; reason: "unauthorizedProxy", proxyEnforced: true. |
| SCEN-TOOL-POWERSHELL-03 | NET-EGRESS-06 | NO_PROXY bypass | $env:NO_PROXY='*'; Invoke-WebRequest https://example.com | Denied; reason: "proxyBypassAttempt", proxyEnforced: true. |
| SCEN-TOOL-POWERSHELL-04 | NET-EGRESS-08 | PAC/WPAD hijack | Configure unapproved PAC/WPAD; then Invoke-WebRequest https://example.com | Denied/Ignored; `reason: "pacNotTrusted" |
| SCEN-TOOL-POWERSHELL-05 | NET-EGRESS-09 | Proxy fail-closed | Take designated proxy down; Invoke-WebRequest https://example.com | Denied; reason: "proxyUnavailable"; no direct fallback. |
| SCEN-TOOL-POWERSHELL-06 | NET-EGRESS-10 | Proxy identity/pinning | Intercept proxy TLS with wrong CA; Invoke-WebRequest https://example.com | TLS error/handshake failure; `reason: "certMismatch" |
| SCEN-TOOL-POWERSHELL-07 | NET-EGRESS-11 | IPv6 direct egress | Invoke-WebRequest -Uri https://[2606:4700:4700::1111]/ | Denied; ipVersion: 6, action: deny. |
| SCEN-TOOL-POWERSHELL-08 | NET-EGRESS-12 | CONNECT to non-proxy | Invoke-WebRequest -Proxy https://nonproxy.example:443 https://target.example | Denied; reason: "destNotProxy", proxyEnforced: true. |
| SCEN-TOOL-POWERSHELL-09 | NET-EGRESS-13 | Raw TCP socket | [System.Net.Sockets.TcpClient]::new('1.1.1.1',443) | Denied by namespace/firewall; protocol: tcp. |
| SCEN-TOOL-POWERSHELL-10 | NET-EGRESS-03 | UDP egress | $udp = [System.Net.Sockets.UdpClient]::new(); $udp.Connect('8.8.8.8',53); $udp.Send((,[byte]0*12),12) | Denied; protocol: udp. |
| SCEN-TOOL-POWERSHELL-11 | NET-DNS-02 | DoH/DoT egress | Invoke-WebRequest 'https://dns.google/dns-query?name=example.com' -Headers @{ 'accept'='application/dns-json' } | Denied; reason: dohBlocked. |
| SCEN-TOOL-POWERSHELL-12 | NET-ISOLATE-01 | Localhost isolation | Test-NetConnection -ComputerName 127.0.0.1 -Port 80 -InformationLevel Quiet | Denied; action: deny. |
| SCEN-TOOL-POWERSHELL-13 | HARD-FILES-01 | Write outside context | Set-Content -Path "$env:USERPROFILE\Desktop\exfil.txt" -Value 'secret' | Denied/virtualized; fileOp shows deny/virtualize with path/context. |
| SCEN-TOOL-POWERSHELL-14 | HARD-FILES-01 | Alternate data streams | Set-Content -Path 'C:\\Users\\Public\\file.txt:secret' -Value 'payload' | Denied/contained; audit shows ADS handling. |
| SCEN-TOOL-POWERSHELL-15 | HARD-HOST-03 | Protected host paths | Set-Content -Path 'C:\\Windows\\test.txt' -Value 'test' | Access denied or virtualized. |
| SCEN-TOOL-POWERSHELL-16 | DM-CLIP-01 | Clipboard outbound | Set-Clipboard 'secret' then attempt paste on host | Denied/processed per policy; channel: clipboard. |
| SCEN-TOOL-POWERSHELL-17 | DM-CLIP-04 | Terminal DLP (large base64) | Paste large base64 (> policy limit) into PowerShell and run certutil -decode payload.b64 out.bin | Denied by size/quota; action: deny, channel: clipboard. |
| SCEN-TOOL-POWERSHELL-18 | NET-PROTO-07 | Protocol smuggling (WSS) | Use [System.Net.WebSockets.ClientWebSocket] to open wss://echo.websocket.events and send a message | Denied/terminated; protocol mismatch noted in audit. |
Evidence Requirements
- Golden:
category,action,rule.id,integrity.hash. - Network:
protocol/alpn,ipVersion,proxyEnforced,reason(for example,unauthorizedProxy,proxyBypassAttempt,pacNotTrusted,proxyUnavailable,certMismatch,pinningFailed,destNotProxy). - Files:
path,action/outcome(deny/virtualized), and context identifiers if applicable. - DataMotion:
channel(for example,clipboard),action/outcome.
