I published the following diary on isc.sans.edu: “PowerShell Sample Extracting Payload From SSL“:
Another diary, another technique to fetch a malicious payload and execute it on the victim host. I spotted this piece of Powershell code this morning while reviewing my hunting results. It implements a very interesting technique. As usual, all the code snippets below have been beautified. First, it implements a function to reverse obfuscated strings… [Read more]
One comment