Explore advanced command-line obfuscation techniques used by skilled attackers to evade detection in this conference talk from the Hack In The Box Security Conference. Dive deep into cmd.exe's multi-faceted obfuscation capabilities, starting with basic methods like carets, quotes, and stdin argument hiding. Examine more complex techniques, including string removal/replacement and two novel obfuscation and full encoding methods performed entirely in memory. Learn about approaches for obfuscating binary names from static and dynamic analysis, and discover lesser-known cmd.exe replacement binaries. Gain insights into the Invoke-DOSfuscation framework, a new tool for obfuscating payloads using multi-layered techniques. Understand the detection implications and defensive strategies for combating this type of obfuscation, essential knowledge for both red teamers and defenders in the ongoing cat-and-mouse game of cybersecurity.
Overview
Syllabus
#HITB2018AMS D1T2 - Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) - Daniel Bohannon
Taught by
Hack In The Box Security Conference
Related Courses
-
Invoke-DOSfuscation - Techniques for CMD Obfuscation
-
Invoke-DOSfuscation - Techniques for S-level CMD Obfuscation
-
Invoke-DOSfuscation - Techniques for CMD Obfuscation
-
Invoke DOSfuscation Techniques - FOR F IN Style DO S Level CMD Obfuscation
-
Invoke Obfuscation - PowerShell Obfuscation Techniques and How to Try to Detect Them
-
Invoke Obfuscation - PowerShell Obfuscation Techniques and How To Try To Detect Them
