
PowerShell Obfuscation using SecureString: A Case Study of a Real-World Attack Using SecureString



If you are a threat hunter, you will be well familiar with PowerShell and common obfuscation techniques. The obvious one is Base64 encoding, but other encoding techniques (gzip, XOR, etc.), string techniques (escaping, format strings, concatenation, etc.), and downloading and executing in memory are just a few other ways attackers might stay under the radar. You might have come across the excellent talk by Daniel Bohannon on PowerShell obfuscation techniques [1], in which various obfuscation and detection evasion techniques using PowerShell are explained.


Hi Paul, apologies for the late reply. I believe you might be referencing this article ( -powershell-to-explore-office-365-installation). From what I can tell in the article, Export-CliXml uses ConvertFrom-SecureString, so both commands get to the same result. Just depends on if you want to store it as a text file or in XML code. It looks like XML stores the whole object with both username and password while my method just stores the password. You would still need to provide the username, like I did using a variable.



