PowerShell Command Line Argument Obfuscation Techniques
Invoke-Obfuscation:
PowerShell obFUsk8tion Techniques & How To (Try To)
D""e`Tec`T 'Th'+'em'
Daniel Bohannon @danielhbohannon
Who I Am
? Daniel Bohannon ? @danielhbohannon , ? Blue Team w/increasing exposure to Red Team ? Incident Response Consultant @ Mandiant (1.5yrs) ? Previously 5yrs in IT Operations and Security role for national restaurant franchise
Shortage of memes cat pictures
415-140707115516-560.Purrmanently-Sad-Cat-kitten.ls.7814.jpg
Outline:
? Motivation ? Preparing Your Environment for Investigating PowerShell ? Obfuscating the Cradle: (New-Object Net.WebClient) ? Additional Methods for Remote Download ? More Obfuscation Techniques and Detection Attempts ? What's Old Is New: Encoding/Decoding with PS 1.0 ? Launch Techniques ? Invoke-Obfuscation Demo
Motivation
? PowerShell as an attack platform and post-exploitation framework is an everincreasing trend
? Native and signed Windows binary in Windows Vista and later ? Memory only execution capabilities (evade A/V and application whitelisting) ? Ever-expanding set of attack frameworks
? Used by advanced attackers, script kiddies and penetration testers in both targeted attacks and commodity malware
? Nearly impossible to detect if command line arguments and/or PowerShell event logs are not logged and monitored
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- windows powershell command line arguments
- powershell notes for professionals
- powershell command line argument obfuscation techniques
- powershell tutorial ntnu
- input powershell tutorial
- powershell cheat sheet syracuse university
- powershell cheat sheet v2 jack fruh s sharepoint blog
- the complete guide to powershell punctuation
Related searches
- powershell command line switches
- powershell command line switch parameter
- windows command line argument syntax
- python command line argument string
- powershell command line params
- powershell command line variables
- powershell command line arguments array
- python command line argument parsing
- python command line argument argv
- command line argument in python
- powershell command line arguments
- powershell command line options