I published the following diary on isc.sans.edu: “PowerShell Script with a builtin DLL“:
Attackers are always trying to bypass antivirus detection by using new techniques to obfuscate their code. I recently found a bunch of scripts that encode part of their code in Base64. The code is decoded at execution time and processed via the ‘IEX’ command… [Read more]