YoVDO

Invoke-DOSfuscation - Techniques for CMD Obfuscation

Offered By: NorthSec via YouTube

Tags

NorthSec Courses Cybersecurity Courses Offensive Security Courses Threat Hunting Courses

Course Description

Overview

Explore advanced command-line obfuscation techniques in this 55-minute conference talk from NorthSec. Dive deep into cmd.exe's multi-faceted obfuscation capabilities, starting with basic methods like carets, quotes, and stdin argument hiding. Progress to more complex techniques, including string removal/replacement and novel full encoding methods performed entirely in memory. Learn about obfuscating binary names from static and dynamic analysis, and discover lesser-known cmd.exe replacement binaries. Witness a live demonstration of the Invoke-DOSfuscation framework, which implements these multi-layered obfuscation techniques. Gain insights into the detection implications and defensive approaches for combating this evolving form of obfuscation used by advanced threat actors.

Syllabus

Daniel Bohannon - Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)


Taught by

NorthSec

Related Courses

I Am Become Loadbalancer, Owner of Your Network
NorthSec via YouTube The Risks of RDP and How to Mitigate Them
NorthSec via YouTube Authentication Challenges in SaaS Integration and Cloud Transformation
NorthSec via YouTube Building CANtact Pro - An Open Source CAN Bus Tool
NorthSec via YouTube Unmasking the Chameleons of the Criminal Underground
NorthSec via YouTube