Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)

Date: 27.06.2018. Author: CISO CLUB. Categories: Information security podcasts and videos

Voted Best of Black Hat Asia 2018 Briefings
By Daniel Bohannon

In this presentation, I will dive deep into cmd[.]exe’s multi-faceted obfuscation opportunities beginning with carets, quotes and stdin argument hiding. Next I will extrapolate more complex techniques including FIN7’s string removal/replacement concept and two never-before-seen obfuscation and full encoding techniques – all performed entirely in memory by cmd[.]exe. Finally, I will outline three approaches for obfuscating binary names from static and dynamic analysis while highlighting lesser-known cmd[.]exe replacement binaries.

Full Abstract & Presentation Materials: https://www.blackhat.com/asia-18/briefings.html#invoke-dosfuscation-techniques-for-%f-in—style-do-s-level-cmd-obfuscation
