Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science

Date: 28.08.2017. Author: CISO CLUB. Categories: Information security podcasts and videos

Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, its status as a Windows-signed binary native to Windows 7 and later, one that enables reflective injection of binaries and DLLs and memory-resident execution of remotely hosted scripts, has made it increasingly attractive to attackers and commodity malware authors alike. In environments where PowerShell is heavily used, filtering out legitimate activity to detect malicious PowerShell usage is not trivial.

by Daniel Bohannon & Lee Holmes

Full Abstract & Presentation Materials:
https://www.blackhat.com/us-17/briefings.html#revoke-obfuscation-powershell-obfuscation-detection-and-evasion-using-science
