all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Analyzing .NET Downloader, Suspicious PowerShell activity and a Curious Open Directory

Add to bookmarks
Feb. 8, 2023, 8 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

I recently came across an interesting .NET downloader that displayed odd Powershell activity along with an open directory full of obfuscated files. In this video, we'll investigate this highly obfuscated .net downloader to discuss techniques to unravel it's capabilities. We'll then look at how it redirects STDIN for the Powershell proceess to a stream buffer to avoid leaving evidence in the logs. And finally, we'll unravel the Powershell script used to download and decrypt the open directory full of malicious …

buffer capabilities directory discuss files logs obfuscated powershell powershell script redirects script stream techniques video

Visit resource

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 6 days, 2 hours ago | www.youtube.com
basics episode explorer focus +10
MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 week, 3 days ago | www.youtube.com
basics build episode explorer +12
Malware Mondays?!? Learn more 2 weeks, 2 days ago | www.youtube.com
learn malware
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 4 weeks ago | www.youtube.com
artifact data goal learn +11
MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 1 month, 1 week ago | www.youtube.com
amadey artifacts capture data +11
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month, 1 week ago | www.youtube.com
artifact data goal learn +11
Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 1 month, 1 week ago | www.youtube.com
assembly disassembly effectively ghidra +9
Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 1 month, 2 weeks ago | www.youtube.com
analysis debugging development easy +18
Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 1 month, 3 weeks ago | www.youtube.com
analysis can default dive +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

SITEC- Systems Security Administrator- Camp HM Smith

@ Peraton | Camp H.M. Smith, HI, United States
View on infosec-jobs.com

Cyberspace Intelligence Analyst

@ Peraton | Fort Meade, MD, United States
View on infosec-jobs.com

General Manager, Cybersecurity, Google Public Sector

@ Google | Virginia, USA; United States
View on infosec-jobs.com

Cyber Security Advisor

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com

Engineering Team Manager – Security Controls

@ H&M Group | Stockholm, Sweden
View on infosec-jobs.com
View more jobs