[SANS ISC] Undetected PowerShell Backdoor Disguised as a Profile File | allinfosecnews.com

June 10, 2023, 8:35 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Yesterday, I published the following diary on isc.sans.edu: “Undetected PowerShell Backdoor Disguised as a Profile File“:

PowerShell remains an excellent way to compromise computers. Many PowerShell scripts found in the wild are usually obfuscated. Most of the time, this helps to have the script detected by fewer antivirus vendors. Yesterday, I found a script that scored 0/59 on VT! Let’s have a look at it.

The file was found with the name « Microsoft.PowerShell_profile.ps1 ». The attacker nicely …

antivirus backdoor compromise computers edu file isc obfuscated powershell powershell backdoor powershell scripts profile sans sans.edu sans isc script scripts undetected vendors

More from malware.news / Malware Analysis, News and Indicators - Latest topics

New Redline Version: Uses Lua Bytecode, Propagates Through GitHub 1 day, 5 hours ago | malware.news

bytecode code detect found +12

Cybersecurity firm Darktrace sold to Thoma Bravo for $5.3 billion 1 day, 17 hours ago | malware.news

acquisition article cybersecurity darktrace +5

Arctic Wolf Recognized as a Leader in Frost & Sullivan Managed Detection and Response Report 1 day, 18 hours ago | malware.news

amp and response april arctic +20

CVE-2024-29204, CVE-2024-24996: Critical Vulnerabilities in Ivanti Avalanche 1 day, 18 hours ago | malware.news

april avalanche components critical +19

Showcasing Artwork by Max for Autism Awareness Month 1 day, 19 hours ago | malware.news

art article artwork autism +6

TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381 1 day, 19 hours ago | malware.news

article cisco deepfakes flowmon +6

Kaiser Permanente notifies 13.4M patients of potential data exposure 1 day, 19 hours ago | malware.news

apps article data data exposure +16

Impact of organizational structure on ransomware outcomes: Where does your org fit in? 1 day, 19 hours ago | malware.news

article challenges core security detection +15

VA is warning veterans about Change Healthcare cyberattack, secretary says 1 day, 20 hours ago | malware.news

alerting article attack change +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Network Security Engineer

@ Meta | Menlo Park, CA | Remote, US

View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Washington, DC

View on infosec-jobs.com

Threat Investigator- Security Analyst

@ Meta | Menlo Park, CA | Seattle, WA | Washington, DC

View on infosec-jobs.com

Security Operations Engineer II

@ Microsoft | Redmond, Washington, United States

View on infosec-jobs.com

Engineering -- Tech Risk -- Global Cyber Defense & Intelligence -- Bug Bounty -- Associate -- Dallas

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com