I published the following diary on isc.sans.edu: “Malicious PowerShell Compiling C# Code on the Fly“:
What I like when hunting is to discover how attackers are creative to find new ways to infect their victim’s computers. I came across a Powershell sample that looked new and interesting to me. First, let’s deobfuscate the classic way.
It started with a simple Powerscript command with a big Base64 encoded string… [Read more]
[The post [SANS ISC] Malicious PowerShell Compiling C# Code on the Fly has been first published on /dev/random]