Explore advanced command-line obfuscation techniques in this 55-minute conference talk from NorthSec. Dive deep into cmd.exe's multi-faceted obfuscation capabilities, starting with basic methods like carets, quotes, and stdin argument hiding. Progress to more complex techniques, including string removal/replacement and novel full encoding methods performed entirely in memory. Learn about obfuscating binary names from static and dynamic analysis, and discover lesser-known cmd.exe replacement binaries. Witness a live demonstration of the Invoke-DOSfuscation framework, which implements these multi-layered obfuscation techniques. Gain insights into the detection implications and defensive approaches for combating this evolving form of obfuscation used by advanced threat actors.
Invoke-DOSfuscation - Techniques for CMD Obfuscation
Overview
Syllabus
Daniel Bohannon - Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Taught by
NorthSec
Related Courses
-
Techniques for Command Line Obfuscation
-
Invoke-DOSfuscation - Techniques for CMD Obfuscation
-
Invoke-DOSfuscation - Techniques for S-level CMD Obfuscation
-
Invoke DOSfuscation Techniques - FOR F IN Style DO S Level CMD Obfuscation
-
Invoke Obfuscation - PowerShell Obfuscation Techniques and How to Try to Detect Them
-
Invoke Obfuscation - PowerShell Obfuscation Techniques and How To Try To Detect Them
