[SANS ISC] Did You Spot “Invoke-Expression”?

I published the following diary on isc.sans.edu: “Did You Spot “Invoke-Expression”?“:

When a PowerShell script is obfuscated, the deobfuscation process is, most of the time, performed through the Invoke-Expression cmdlet. Invoke-Expression evaluates the string passed as an argument and returns the results of the commands inside the string… [Read more]

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.