powershell – Page 6 – MCYSEKA-Maritime Cyber Security Knowledge Archive

[SANS ISC] Deobfuscation of Malware Delivered Through a .bat File

Today, I published the following diary on isc.sans.edu: “Deobfuscation of Malware Delivered Through a .bat File“: I found a phishing email that delivered a RAR archive (password protected). Inside the archive, there was a simple .bat file (SHA256: 57ebd5a707eb69dd719d461e1fbd14f98a42c6c3dcb8505e4669c55762810e70) with the following name: “SRI DISTRITAL – DPTO DE COBRO -SRI

The post [SANS ISC] Deobfuscation of Malware Delivered Through a .bat File appeared first on /dev/random.

July 20, 2023

0 comment

PowerMeUp : A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!

This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be used for post exploitation and lateral movement even. Please use at your own risk I am not and will not be responsible […]

June 30, 2023

0 comment

[SANS ISC] Malware Delivered Through .inf File

Today, I published the following diary on isc.sans.edu: “Malware Delivered Through .inf File“: Microsoft has used “.inf” files for a while. They are simple text files and contain setup information in a driver package. They describe what must be performed to install a driver package on a device. When you

The post [SANS ISC] Malware Delivered Through .inf File appeared first on /dev/random.

June 19, 2023

0 comment

CISA advisory on LockBit: $91 million extorted from 1,700 attacks since 2020

FBI, CISA and international organizations released an advisory detailing breadth and depth of LockBit, and how to defend against the most prevalent ransomware of 2022 and (so far) 2023.
The post CISA advisory on LockBit: $91 million extorted from 1,700…

June 16, 2023

0 comment

[SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File

Yesterday, I published the following diary on isc.sans.edu: “Undetected PowerShell Backdoor Disguised as a Profile File“: PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday,

The post [SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File appeared first on /dev/random.

June 10, 2023

0 comment

New PowerDrop malware targets U.S. aerospace defense industry

A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop. Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks aimed at organizations in the U.S. aerospace sector. The PowerShell-based malware uses advanced techniques to […]

The post New PowerDrop malware targets U.S. aerospace defense industry appeared first on Security Affairs.

June 7, 2023

0 comment

Minas – on the way to complexity

Kaspersky analysis of a complicated multi-stage attack dubbed Minas that features a number of detection evasion and persistence techniques and results in a cryptocurrency miner infection.

May 17, 2023

0 comment

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

April 27, 2023

0 comment

Invoke-PSObfuscation : An In-Depth Approach To Obfuscating The Individual Components Of A PowerShell Payload Whether You’Re On Windows Or Kali Linux

Invoke-PSObfuscation is an in-depth approach to obfuscating the individual components of a PowerShell payload whether you’re on Windows or Kali Linux. Traditional obfuscation techniques tend to add layers to encapsulate standing code, such as base64 or compression. These payloads do continue to have a varied degree of success, but they have become trivial to extract […]

April 11, 2023

0 comment

Bad magic: new APT found in the area of Russo-Ukrainian conflict

In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions.

March 21, 2023

0 comment

1 … 4 5 6 7