If you are a threat hunter, you will be very familiar with PowerShell and common obfuscation techniques. The obvious one is Base64 encoding, but other encoding techniques (gzip, XOR, etc.), string techniques (escaping, format strings, concatenation, etc.), and downloading and executing in memory are just a few of the other ways attackers try to stay under the radar. You might have come across the excellent talk by Daniel Bohannon on PowerShell obfuscation techniques [1], in which various obfuscation and detection evasion techniques using PowerShell are explained.
Hi Paul, apologies for the late reply. I believe you might be referencing this article ( -powershell-to-explore-office-365-installation). From what I can tell in the article, Export-CliXml uses ConvertFrom-SecureString, so both commands get to the same result. Just depends on if you want to store it as a text file or in XML code. It looks like XML stores the whole object with both username and password while my method just stores the password. You would still need to provide the username, like I did using a variable.
PowerShell Obfuscation using SecureString