I published the following diary on isc.sans.edu: “Malicious PowerShell Compiling C# Code on the Fly”:
What I like when hunting is to discover how creative attackers are in finding new ways to infect their victims’ computers. I came across a PowerShell sample that looked new and interesting to me. First, let’s deobfuscate the classic way.
It started with a simple Powerscript command with a big Base64 encoded string…