obfuscation – Page 7 – WindowsTechs.com

[SANS ISC] PowerShell Dropper Delivering Formbook

Posted on November 19, 2020 by Xavier

I published the following diary on isc.sans.edu: “PowerShell Dropper Delivering Formbook“: Here is an interesting PowerShell dropper that is nicely obfuscated and has anti-VM detection. I spotted this file yesterday, called ‘ad.jpg’ (SHA256:b243e807ed22359a3940ab16539ba59910714f051034a8a155cc2aff28a85088). Of course, it’s not a picture but a huge text file with Base64-encoded data. The VT score is therefore

The post [SANS ISC] PowerShell Dropper Delivering Formbook appeared first on /dev/random.

Continue reading [SANS ISC] PowerShell Dropper Delivering Formbook→

Would Indistinguishability obfuscation make Javascript cryptography viable?

Posted on November 18, 2020 by Garrett Motzner

I know Javascript Cryptography is considered harmful because:

Secure delivery of Javascript to browsers is a chicken-egg problem.
Browser Javascript is hostile to cryptography.
The "view-source" transparency of Javascript is il… Continue reading Would Indistinguishability obfuscation make Javascript cryptography viable?→

[SANS ISC] Old Worm But New Obfuscation Technique

Posted on November 13, 2020 by Xavier

I published the following diary on isc.sans.edu: “Old Worm But New Obfuscation Technique“: Yesterday I found an interesting JavaSvript script delivered through a regular phishing campaign (SHA256:70c0b9d1c88f082bad6ae01fef653da6266d0693b24e08dcb04156a629dd6f81) and has a VT score of 17/61. The script obfuscation is simple but effective: the malicious code is decoded and passed to an eval()

The post [SANS ISC] Old Worm But New Obfuscation Technique appeared first on /dev/random.

Continue reading [SANS ISC] Old Worm But New Obfuscation Technique→

[SANS ISC] Did You Spot “Invoke-Expression”?

Posted on November 5, 2020 by Xavier

I published the following diary on isc.sans.edu: “Did You Spot “Invoke-Expression”?“:

When a PowerShell script is obfuscated, the deobfuscation process is, most of the time, performed through the Invoke-Expression cmdlet. In… Continue reading [SANS ISC] Did You Spot “Invoke-Expression”?→

Lessons from Teaching Cybersecurity: Week 5

Posted on October 30, 2020 by Tyler Reguly

As I had mentioned previously this year, I’m going back to school. Not to take classes, but to teach a course at my alma mater, Fanshawe College. I did this about a decade ago and thought it was interesting, so I was excited to give it another go. Addi… Continue reading Lessons from Teaching Cybersecurity: Week 5→

Lessons from Teaching Cybersecurity: Week 5

Posted on October 30, 2020 by Tyler Reguly

Obfuscating an .exe file

Posted on October 28, 2020 by 1afx0

Is there a way to obfuscate an existing .exe file?
I’m in a situation where I cannot transfer the winPEAS.exe file (for PrivEsc purposes) on a Win10 machine because of the AV blocking the executable.
Any other solution will be appreciated…. Continue reading Obfuscating an .exe file→

P.A.S. Fork v. 1.0 — A Web Shell Revival

Posted on October 26, 2020 by Luke Leal

A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most popular PHP web shells, like WSO or b374k.
After all, if these popular (and readi… Continue reading P.A.S. Fork v. 1.0 — A Web Shell Revival→

[SANS ISC] Nicely Obfuscated Python RAT

Posted on October 15, 2020 by Xavier

I published the following diary on isc.sans.edu: “Nicely Obfuscated Python RAT“: While hunting, I found an interesting Python script. It matched one of my YARA rules due to the interesting list of imports but the content itself was nicely obfuscated. The script SHA256 hash is c5c8b428060bcacf2f654d1b4d9d062dfeb98294cad4e12204ee4aa6e2c93a0b and the current VT score

The post [SANS ISC] Nicely Obfuscated Python RAT appeared first on /dev/random.

Continue reading [SANS ISC] Nicely Obfuscated Python RAT→

Does "Security By Obfuscation" have any place in good security practices? [duplicate]

Posted on October 12, 2020 by Bitsplease

One thing I’ve had hammered into me by pretty much every security expert I’ve talked to is that security by obfuscation is not a substitute for actual security measures. However, it has me wondering; are there any valid cases for security … Continue reading Does "Security By Obfuscation" have any place in good security practices? [duplicate]→