Overview
Dive deep into advanced cmd[.]exe obfuscation techniques in this Black Hat Asia 2018 Best Briefing presentation. Explore multi-faceted obfuscation opportunities, starting with carets, quotes, and stdin argument hiding. Extrapolate more complex methods, including FIN7's string removal/replacement concept and two novel obfuscation and full encoding techniques performed entirely in cmd[.]exe's memory. Learn three approaches for obfuscating binary names from static and dynamic analysis, and discover lesser-known cmd[.]exe replacement binaries. Gain valuable insights into S-level CMD obfuscation strategies to enhance your understanding of cybersecurity techniques and defenses.
Syllabus
Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
Taught by
Black Hat