Analyzing Encrypted RDP Connections

By Anthony Kasza, Corelight Security Researcher

Microsoft’s Remote Desktop Protocol (RDP) is used to remotely administer systems within Windows environments. RDP is everywhere Windows is and is useful for conducting remote work ...
EH-Net - Osanda - WMI 101 for Pentesters

WMI 101 for Pentesters

PowerShell has gained popularity with SysAdmins and for good reason. It’s on every Windows machine (and now some Linux machines as well), has capabilities to interact with almost every service on every ...
Automating Directory Services

Automating directory services can be done with APIs and group-based provisioning to IT resources. The post Automating Directory Services appeared first on JumpCloud ...
Ransomware Goes Fileless, Uses Malicious Documents and PowerShell to Encrypt Files

In October 2019, we encountered a phishing campaign delivering a malicious Microsoft Word document that distributed ransomware with a twist. Unlike most ransomware families, such as GandCrab, WannaCry and RobinHood, the malware ...
We will walk through the script to find interesting patterns and deobfuscate the code.

Emotet: Catch Me If You Can (Part 2 of 3)

Emotet is a highly modular banking Trojan that has a proper decision tree-based algorithm to perform designated tasks. Due to Emotet’s capability to deliver obfuscated payloads and extend its capabilities through self-upgradable ...
MuddyWater Group Using Spam Campaign to Hijack Victims’ Computers

The MuddyWater threat attack group is using a spam campaign to hijack victims’ computers and steal sensitive information. Discovered by Heimdal Security in early April, the campaign begins when malicious actors use ...
Ursnif infection chain Bromium blog

Tricks and COMfoolery: How Ursnif Evades Detection

Ursnif is one of the main threats that is effectively evading detection right now (at publication). The dropper uses a COM technique to hide its process parentage. WMI is used to bypass ...
AMSI Disabling AntiMalware Software Bromium blog

Disabling Anti-Malware Scanning

This post follows on from the previous blog post, Preview Pane, looking at the later parts of the kill chain for the same malicious document. Here I will detail a technique for ...
PowerShell is executing inside the Explorer Preview pane

Preview Pain: Malware Triggers in Outlook Preview Without User Opening Word Document

A recent malware sample forwarded to our Threat Intelligence service had some very interesting properties which we think would be useful to share. The sample itself is a Word document which is ...
Super Mario Oddity

A few days ago, I was investigating a sample piece of malware where our static analysis flagged a spreadsheet as containing a Trojan but the behavioural trace showed very little happening. This ...