all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How to Detect Process Injection of PowerShell Backdoor with Native CMD or Powershell commands ?

Add to bookmarks
Oct. 31, 2022, 5:59 a.m. | /u/MyRedditiJustMade

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

I'm doing a cyber training exercise and believe red team has a powershell backdoor on a box we're investigating . The box does not have any extra installed software such as sysinternals its just a basic windows image . This has lead me to wondering if there is a good way to detect process injection such as DLL hijacking or PE injection with native commands . Links to any resources or scripts is greatly appreciated .

backdoor blueteamsec injection powershell powershell backdoor process process injection

Visit resource

More from www.reddit.com / For [Blue|Purple] Teams in Cyber Defence

JA4T: TCP Fingerprinting - And How to Use It to Block Over 60% of Internet … 13 hours ago | www.reddit.com
block blueteamsec fingerprinting internet +3
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices 15 hours ago | www.reddit.com
arcanedoor blueteamsec campaign devices +6
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers - The Citizen … 1 day, 5 hours ago | www.reddit.com
apps blueteamsec citizen lab keyboard +7
Spain reopens a probe into a Pegasus spyware case after a French request to work … 1 day, 5 hours ago | www.reddit.com
blueteamsec case french pegasus +6
Justice Department Announces Charges Against Four Iranian Nationals For Multi-Year Cyber Campaign Targeting U.S. Companies 1 day, 9 hours ago | www.reddit.com
blueteamsec campaign charges companies +7
Decrypting Synology Patchfiles 1 day, 22 hours ago | www.reddit.com
blueteamsec synology
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials 2 days, 16 hours ago | www.reddit.com
blizzard blueteamsec compromise credentials +5
No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities 3 days, 4 hours ago | www.reddit.com
agents blueteamsec can exploit +2
Request for Feedback: Roadmap to Threat Hunter 3 days, 17 hours ago | www.reddit.com
blueteamsec cloud cybersecurity engineer +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Systems Security Officer (ISSO) (Remote within HR Virginia area)

@ OneZero Solutions | Portsmouth, VA, USA
View on infosec-jobs.com

Security Analyst

@ UNDP | Tripoli (LBY), Libya
View on infosec-jobs.com

Senior Incident Response Consultant

@ Google | United Kingdom
View on infosec-jobs.com

Product Manager II, Threat Intelligence, Google Cloud

@ Google | Austin, TX, USA; Reston, VA, USA
View on infosec-jobs.com

Cloud Security Analyst

@ Cloud Peritus | Bengaluru, India
View on infosec-jobs.com
View more jobs