Information security professionals explain that Harness is the remote access payload with the ability to provide a remote interactive PowerShell interface from a Windows system to almost any TCP socket. TheRead More →
An information security expert explains that Grouper is an unstable PowerShell module designed for use by pentesters and redteamers that filters the XML output of the Get-GPOReport cmdlet and identifies all theRead More →
A group of information security professionals that does active directory audits recently noticed that they are repeating themselves over and over again. So, the experts decided to write as much of thisRead More →
Invoke-DOSfuscation is a PowerShell v2.0+ compatible cmd.exe command obfuscation framework. (White paper: https://www.fireeye.com/blog/threat-research/2018/03/dosfuscation-exploring-obfuscation-and-detection-techniques.html) Over the past several years we witnessed a myriad of obfuscation and evasion techniques employed by several threatRead More →
Powerdown the PowerShell Attacks : Harnessing the power of logs to monitor the PowerShell activities Lately, I have been working on analyzing the PowerShell attacks in my clients’ environment. Based on theRead More →
PowerShell continues to be the tool of choice for defenders, IT administrators, and hackers. The extensibility, support, and ability to have a full-fledged programming language at your fingertips provides aRead More →
Embedding a shortcut (.lnk file) which points to powershell (accompanied by an encoded command) in a word document or zip file is a known sneaky trick to spread malware. TheRead More →
Just over one year ago (November 2015), I released WMIOps, a PowerShell script that enables a user to carry out different actions via Windows Management Instrumentation (WMI) on the localRead More →
Increasingly, cyberattackers have been leveraging “non-malware” attack methods to target vulnerable organizations. Recently, the Carbon Black Threat Research Team was alerted about such an attack by a partner’s incident responseRead More →
Once the province of nation-sponsored hackers, in-memory malware goes mainstream. Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network was infected with malware that was unlike anythingRead More →
Crooks are always creating new ways to improve the malware they use to target bank accounts, and now Brazilian bad guys have made an important addition to their arsenal: theRead More →
PowerShell scripts seen in around 38% of malware incidents. Microsoft’s PowerShell task automation framework is becoming one of the most popular tools for coding and enhancing malware, a Carbon Black studyRead More →
In recent variants of the infamous DNS-changer adware we have found that the coders use a particularly interesting method to bypass the default restrictions imposed for executing Powershell scripts. ExecutionRead More →
