Explore PowerShell obfuscation detection and evasion techniques in this 48-minute conference talk from Derbycon 7 (2017). Delve into topics such as PowerShell logs, authentication options, and assumptions about obfuscation. Learn about new object creation, invoke expressions, and the Invoke-Crate Crafter tool. Discover the process of building a corpus and the findings from this research. Gain insights into PowerShell security through a live demonstration, enhancing your understanding of both offensive and defensive cybersecurity strategies.
Overview
Syllabus
Introduction
Daniel Bohannon
PowerShell logs
Authentication options
Assumptions
New Object
Invoke Expression
InvokeCrate Crafter
Lip Service
Build A Corpus
What We Found
PowerShell
Demo
Related Courses
-
Revoke-Obfuscation - PowerShell Obfuscation Detection and Evasion Using Science
-
Invoke Obfuscation - PowerShell Obfuscation Techniques and How to Try to Detect Them
-
Invoke CradleCrafter Moar PowerShell obFUsk8tion Detection Techniques
-
PSAmsi - An Offensive PowerShell Module for Interacting with the Anti Malware Scan Interface
-
Introducing DeepBlueCLI v2 Now Available in PowerShell and Python
-
Introducing DeepBlueCLI - A PowerShell Module for Hunt Teaming via Windows Event Logs
