Overview
Explore the advanced command-line obfuscation techniques that skilled attackers use to evade detection in this talk from the Hack In The Box Security Conference. Dive into cmd.exe's multi-faceted obfuscation capabilities, starting with basic methods such as caret escapes, inserted quotes, and hiding arguments by feeding them through stdin. Examine more complex techniques, including string removal and replacement and two novel obfuscation and full-encoding methods performed entirely in memory. Learn approaches for hiding binary names from both static and dynamic analysis, and discover lesser-known binaries that can stand in for cmd.exe. Gain insight into Invoke-DOSfuscation, a new framework that applies these techniques in multiple layers to obfuscate payloads. Understand the detection implications and the defensive strategies for countering this kind of obfuscation, essential knowledge for red teamers and defenders alike in the ongoing cat-and-mouse game.
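As an added example (not code from the talk or from Invoke-DOSfuscation), the following Python normaliser undoes the basic layers the overview lists before a detection rule compares a command line against known-bad strings: `%VAR:~start,len%` substring extraction, `%VAR:old=new%` string replacement, caret escapes, and inserted quote pairs, applied in the order cmd.exe itself uses (percent expansion first, then special characters). The environment values, the sample command line and the function names are constructed for the example; the parser is deliberately partial and does not model delayed expansion, FOR-loop variables or the stdin and in-memory techniques the talk covers.

```python
"""Normalise an obfuscated cmd.exe command line for detection matching.

Added example, not part of the talk.  Models two phases of cmd.exe parsing:
  1. percent expansion, including :~start,len substrings and :old=new replacement
  2. caret escapes (outside quotes) and quote characters
"""
import re

# Constructed environment; values are assumptions, not captured from a host.
SAMPLE_ENV = {
    "COMSPEC": r"C:\WINDOWS\system32\cmd.exe",
    "PROGRAMFILES": r"C:\Program Files",
    "PUBLIC": r"C:\Users\Public",
}

# %NAME% with an optional ":~start,len" or ":old=new" modifier.
_VAR_RE = re.compile(r"%([^%:]+)(?::([^%]*))?%")


def _apply_modifier(value, mod):
    """Apply a cmd.exe variable modifier (substring or replacement) to a value."""
    if mod is None:
        return value
    if mod.startswith("~"):                      # substring: ~start[,len]
        parts = mod[1:].split(",", 1)
        start = int(parts[0] or 0)
        if start < 0:                            # negative start counts from the end
            start = max(len(value) + start, 0)
        if len(parts) == 1 or parts[1] == "":
            return value[start:]
        length = int(parts[1])
        # a negative length drops that many characters from the end
        return value[start:start + length] if length >= 0 else value[start:length]
    if "=" in mod:                               # replacement: old=new
        old, new = mod.split("=", 1)
        if old.startswith("*"):                  # "*old" also drops everything before it
            idx = value.lower().find(old[1:].lower())
            return value if idx < 0 else new + value[idx + len(old) - 1:]
        return re.sub(re.escape(old), lambda _m: new, value, flags=re.IGNORECASE)
    return value


def expand_variables(cmdline, env):
    """Phase 1: percent expansion.  Undefined names are left literally, as
    cmd.exe does on the interactive command line (batch files blank them)."""
    lookup = {k.upper(): v for k, v in env.items()}

    def repl(m):
        name, mod = m.group(1), m.group(2)
        if name.upper() not in lookup:
            return m.group(0)
        return _apply_modifier(lookup[name.upper()], mod)

    return _VAR_RE.sub(repl, cmdline)


def strip_escapes(cmdline):
    """Phase 2: a caret outside quotes escapes the next character and is
    discarded; inside quotes it is literal.  Quote characters are dropped
    so that n"e"tstat and netstat compare equal for matching purposes."""
    out, in_quote, i = [], False, 0
    while i < len(cmdline):
        c = cmdline[i]
        if c == '"':
            in_quote = not in_quote
        elif c == "^" and not in_quote:
            i += 1                               # keep the escaped character as-is
            if i < len(cmdline):
                out.append(cmdline[i])
        else:
            out.append(c)
        i += 1
    return "".join(out)


def normalize_cmdline(cmdline, env=SAMPLE_ENV):
    """Full normalisation: expansion first, then caret/quote removal."""
    return strip_escapes(expand_variables(cmdline, env))


def obfuscation_indicators(cmdline):
    """Counts a detection rule can threshold on, taken from the raw line."""
    return {
        "carets": cmdline.count("^"),
        "quotes": cmdline.count('"'),
        "substrings": len(re.findall(r"%[^%:]+:~[^%]*%", cmdline)),
        "replacements": len(re.findall(r"%[^%:]+:[^%~][^%]*=[^%]*%", cmdline)),
    }


if __name__ == "__main__":
    # Constructed sample built from the caret, quote and substring layers above.
    sample = '%COMSPEC:~-7,3% /c n^e"t"stat -a^no'
    print(obfuscation_indicators(sample))
    print(normalize_cmdline(sample))
```

Run the normaliser over the raw command line from process-creation telemetry and match signatures against its output, while alerting on the raw-line indicator counts separately: a legitimate command line rarely needs more than one or two carets or a substring expansion of `COMSPEC`.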
Syllabus
#HITB2018AMS D1T2 - Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation) - Daniel Bohannon
Taught by
Hack In The Box Security Conference