
Powershell Deobfuscation: Putting the toothpaste back in the tube - Daniel Grant (BSidesCharm 2018) (Hacking Illustrated Series InfoSec Tutorial Videos)

Powershell Deobfuscation: Putting the toothpaste back in the tube

Daniel Grant

BSidesCharm 2018
http://www.bsidescharm.com

In an effort to provide analysts with a clearer picture of what happened after exploitation and to save them time, we've developed a tool for detecting and deobfuscating obfuscated PowerShell scripts. It starts with a machine learning classifier that determines whether a file is obfuscated or encoded, reverses any encoding and any easy-to-decipher obfuscation it finds, and then finishes the more difficult deobfuscation tasks using a neural network text translation framework.
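As an added illustration of the middle stage the abstract describes (reversing encoding and easy-to-decipher obfuscation), and not code from the talk or from Endgame's tool: a small Python script that peels nested -EncodedCommand layers (base64 over UTF-16LE, the format PowerShell expects) and then strips two cheap obfuscation tricks, meaningless backtick escapes and string concatenation. The sample command line is constructed for the example.

```python
import base64
import re

# Unambiguous prefixes PowerShell accepts for the -EncodedCommand switch.
ENCODED_ARG = re.compile(
    r"-(?:e|ec|en|enc|encoded|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# A backtick before one of these letters is a real escape (`n, `t, `0 ...); before
# any other letter it does nothing and exists only to break signature matching.
FAKE_ESCAPE = re.compile(r"`(?=[A-Za-z])(?![0abefnrtuvABEFNRTUV])")
CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")

def encode_command(script: str) -> str:
    """Build an -EncodedCommand argument: base64 over UTF-16LE, as PowerShell expects."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")

def decode_encoded_command(cmdline: str):
    """Return the script hidden in an -EncodedCommand argument, or None if there is none."""
    m = ENCODED_ARG.search(cmdline)
    if m is None:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None

def peel_layers(cmdline: str, max_depth: int = 8) -> list:
    """Unwrap nested encoded commands; returns every layer, outermost first."""
    layers = [cmdline]
    while len(layers) <= max_depth:
        inner = decode_encoded_command(layers[-1])
        if inner is None:
            break
        layers.append(inner)
    return layers

def undo_easy_obfuscation(script: str) -> str:
    """Drop meaningless backtick escapes and fold 'a' + 'b' literals into 'ab'."""
    script = FAKE_ESCAPE.sub("", script)
    while True:
        folded = CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", script)
        if folded == script:
            return script
        script = folded

# Constructed sample: two encoding layers around a backtick/concatenation obfuscated command.
INNER = "Wr`ite-`Output ('ob' + 'fus' + 'cated')"
SAMPLE = "powershell.exe -NoP -w hidden -enc " + encode_command("powershell -e " + encode_command(INNER))

def analyze(cmdline: str) -> str:
    """Peel every encoding layer, then apply the cheap deobfuscation to the innermost script."""
    return undo_easy_obfuscation(peel_layers(cmdline)[-1])
```

The harder cases the abstract hands to the neural translation step (renamed variables, format-string reordering, runtime-built cmdlet names) are deliberately not handled here.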

Daniel Grant is a Data Scientist at Endgame where he focuses primarily on multi-class malware identification, model validation, and system behavioral analysis. He has an MS in Operations Research from Georgia Tech.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast