As shown above from the PowerShell Help output, it's a command intended to take complex strings that may otherwise cause issues for the command line and wrap them up for PowerShell to execute. By masking the "malicious" part of your command from prying eyes you can avoid strings that may tip off the defense.

The purpose of this blog will be two-fold. First, in the "Analysis Overview", I will be analyzing 4,100 recent samples identified within Palo Alto Networks AutoFocus that employ this EncodedCommand technique to see how PowerShell is being used and what techniques are being used in the wild for PowerShell attacks. Second, I will be using this blog to catalog the PowerShell code with examples of each decoded sample to aid in future identification or research.

To perform this analysis, I needed to first identify samples that were using this technique.
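As an added example (not code from the original post or from AutoFocus), a small Python decoder of the kind an analyst would use to recover the script from each sample's command line before cataloging it. It assumes the documented EncodedCommand format (base64 over UTF-16LE text) and the abbreviations powershell.exe accepts for the flag (-e, -ec, -enc, ...); the command lines and the script they carry are constructed and benign.

```python
import base64
import binascii
from typing import Optional

# Constructed for this example: a benign script, not a sample from the dataset.
PLAIN = "Write-Output 'hello from EncodedCommand'"

def encode_command(script: str) -> str:
    """Encode a script the way powershell.exe expects it: UTF-16LE bytes, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

def is_encoded_flag(token: str) -> bool:
    """True for -EncodedCommand, the prefixes powershell.exe accepts (-e, -en, -enc, ...) and -ec."""
    if not token.startswith(("-", "/")):
        return False
    name = token.lstrip("-/").lower()
    return name == "ec" or (name != "" and "encodedcommand".startswith(name))

def decode_encoded_command(cmdline: str) -> Optional[dict]:
    """Decode the encoded argument of a command line; None if the technique is not used.
    The result records the flag used, the text encoding detected, the recovered script
    and any further EncodedCommand layer found inside it (decoded recursively)."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if not is_encoded_flag(tok):
            continue
        blob = tokens[i + 1].strip("\"'")
        try:
            raw = base64.b64decode(blob, validate=True)
        except binascii.Error as exc:
            return {"flag": tok, "error": f"not valid base64: {exc}"}
        # UTF-16LE ASCII text has a NUL in every odd byte position; without that pattern
        # the payload was base64-encoded without the UTF-16LE step, so read it as UTF-8.
        if len(raw) % 2 == 0 and raw[1::2].count(0) >= len(raw) // 4:
            script, encoding = raw.decode("utf-16-le", errors="replace"), "utf-16-le"
        else:
            script, encoding = raw.decode("utf-8", errors="replace"), "utf-8 (non-standard)"
        return {"flag": tok, "encoding": encoding, "script": script,
                "nested": decode_encoded_command(script)}
    return None

# Constructed command lines: standard, double-encoded, and mis-encoded as UTF-8.
SAMPLE_CMD = "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + encode_command(PLAIN)
NESTED_CMD = "powershell -nop -w hidden -e " + encode_command("powershell -enc " + encode_command(PLAIN))
UTF8_CMD = "powershell -enc " + base64.b64encode(PLAIN.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for cmd in (SAMPLE_CMD, NESTED_CMD, UTF8_CMD):
        print(decode_encoded_command(cmd))
```

Run over a list of command lines, the returned dicts give the decoded script and its nesting depth for each sample, which is what the per-sample catalog below is built from.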