I published the following diary on isc.sans.edu: “PowerShell Script with a builtin DLL”:
Attackers are always trying to bypass antivirus detection by using new techniques to obfuscate their code. I recently found a bunch of scripts that encode part of their code in Base64. The code is decoded at execution time and processed via the ‘IEX’ command…
[The post [SANS ISC] PowerShell Script with a builtin DLL was first published on /dev/random]
Article Link: https://blog.rootshell.be/2019/09/06/sans-isc-powershell-script-with-a-builtin-dll/