Friday, October 28 • 17:00 - 18:00
Invoke-Obfuscation: PowerShell obFUsk8tion Techniques

The very best attackers hide their commands from A/V and application whitelisting technologies using encoded commands and memory-only payloads to evade detection. These techniques thwart Blue Teams from determining what was executed on a target system. However, network defenders are catching on, and state-of-the-art detection tools now monitor the command line arguments for powershell.exe either in real time or from event logs.

We need new avenues to remain stealthy in a target environment. So, this talk will highlight a dozen never-before-seen techniques for obfuscating PowerShell command line arguments. As an incident responder at Mandiant, I have seen attackers use a handful of these methods to evade basic command line detection mechanisms. I will share these techniques already being used in the wild so you can understand the value each technique provides the attacker.

Friday October 28, 2016 17:00 - 18:00
01. Westvleteren University
