filmov
tv
Analyzing PowerShell Payloads - Part 5
Показать описание
Example 5: PowerShell payload containing shellcode contained within obfuscated hexadecimal data
Cyber Chef Recipe
Regular_expression('User defined','[0-9a-zA-Z+/=]{30,}',true,true,false,false,false,false,'List matches')
From_Base64('A-Za-z0-9+/=',true)
Remove_null_bytes()
Regular_expression('User defined','[0-9a-z\\<\\,]{30,}',true,true,false,false,false,false,'List matches')
Find_/_Replace({'option':'Regex','string':'<'},'BxDx',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'BxD'},'0',true,false,true,false)
From_Hex('Auto')
--
John Dwyer
--
Disclaimer: Samples shown in the video were pulled from open source intel locations and we don't recommend accessing the associated IPs or domains.
Cyber Chef Recipe
Regular_expression('User defined','[0-9a-zA-Z+/=]{30,}',true,true,false,false,false,false,'List matches')
From_Base64('A-Za-z0-9+/=',true)
Remove_null_bytes()
Regular_expression('User defined','[0-9a-z\\<\\,]{30,}',true,true,false,false,false,false,'List matches')
Find_/_Replace({'option':'Regex','string':'<'},'BxDx',true,false,true,false)
Find_/_Replace({'option':'Regex','string':'BxD'},'0',true,false,true,false)
From_Hex('Auto')
--
John Dwyer
--
Disclaimer: Samples shown in the video were pulled from open source intel locations and we don't recommend accessing the associated IPs or domains.
0:07:32
Analyzing PowerShell Payloads - Part 1
0:07:32
Analyzing PowerShell Payloads Part 1
0:08:15
Analyzing PowerShell Payloads - Part 3
0:06:50
Analyzing PowerShell Payloads - Part 2
0:09:26
Analyzing PowerShell Payloads - Part 5
0:17:38
Analyzing PowerShell Payloads - Part 6
0:06:50
Analyzing PowerShell Payloads Part 2
0:08:15
Analyzing PowerShell Payloads Part 3
0:10:45
Analyzing PowerShell Payloads - Part 7
0:08:04
Analyzing PowerShell Payloads - Part 4
0:13:22
Analyzing PowerShell Payloads EP9
0:17:38
Analyzing PowerShell Payloads Part 6
0:09:26
Analyzing PowerShell Payloads Part 5
0:08:04
Analyzing PowerShell Payloads Part 4
0:10:45
Analyzing PowerShell Payloads Part 7
0:16:11
Analyzing PowerShell Payloads Episode 10
0:07:38
Analyzing PowerShell payloads - Episode 8
0:39:09
Analyzing PowerShell Payloads - Episode 11
0:31:56
BTLO Malicious PowerShell Analysis Walkthru
0:26:42
Fileless Malware Analysis & PowerShell Deobfuscation
0:13:40
Learn Polymorphic Powershell Payload Techniques! [PAYLOAD]
0:13:19
Malicious PowerShell Execution Techniques
0:13:14
NEW Powershell features in DuckyScript 3.0
0:35:01
Finding and Decoding Malicious Powershell Scripts - SANS DFIR Summit 2018
Комментарии