I published the following diary on isc.sans.edu: “Malicious PowerShell Compiling C# Code on the Fly”:
What I like when hunting is to discover how attackers are creative to find new ways to infect their victim’s computers. I came across a PowerShell sample that looked new and interesting to me. First, let’s deobfuscate the classic way.
It started with a simple Powerscript command with a big Base64 encoded string…