[SANS ISC] More Undetected PowerShell Dropper

I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper”:

Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar to Jan’s diary posted yesterday but I decided to review it because it has, here again, a null VT score… [Read more]
