[SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File
Malware Analysis, News and Indicators - Latest topics malware.news
Yesterday, I published the following diary on isc.sans.edu: “Undetected PowerShell Backdoor Disguised as a Profile File”:
PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday, I found a script that scored 0/59 on VT! Let’s have a look at it.
The file was found with the name “Microsoft.PowerShell_profile.ps1”. The attacker nicely …