Cracking WiFi with a Pineapple

by Vince

I probably learned to crack WiFi over 10 years ago -- if you've never done it, do it, you won't regret it. I learned on BackTrack and Kali using an Alpha antenna. Somewhere along the way, I acquired a Pineapple... or four, which streamlines the process. Of the many times I've set up a Pineapple, I've never had it go smoothly, and that's either because they can be buggy, I'm using older versions, or I just don't have the attention span when I'm setting them up.

All that said, I'm doing an audit -- which is something I rarely do -- but I grabbed the Pineapple out of my bin of toys and here we are.


Covenant Donut

by Vince

I've been using Covenant for over three years now and I still have mixed feelings about it.  That being said, I'm still using it so I probably shouldn't complain about open source products when an alternative pay product, Cobalt Strike, is $6k.  My biggest gripe about Covenant is that it's quirky.  I feel like I'm always working around something.  For example, Covenant has the ability to generate Shellcode directly from launchers but when I try to process inject, it fails against Defender.  But when I convert the binary launcher with Donut, I can defeat Defender.  


Process Injection

by Vince

Let's say we have a modern system and when we drop a malicious executable onto that system, we get caught.  We can use a technique called "process injection" which will inject our malicious code into the memory space of a running process.  To show how effective this technique is, we're going to use a meterpreter reverse shell on a Windows 10 system with Defender enabled.  
