PowerShell

PE Files and How to Create a PowerShell PE File Parser

July 11, 2024

This is taken from my project Invoke-PEAnalysis. PE File Types To begin with, Portable Executable (PE) is the name given to executable images developed for the Windows operating system. Most…

The Problem with PowerShell Logging Bypasses

June 24, 2024

Before we start talking about logging bypasses and why they generally suck at bypassing logs, I’ll provide a little context on PowerShell logging and ScriptBlocks. PowerShell ScriptBlocks are collections of…

Using Bitwise NOT operations to obfuscate commands in PowerShell

May 24, 2024

Bitwise NOT commands are often used in PowerShell malware samples to obfuscate commands. A bitwise NOT operation flips all the bits in a given byte sequence. There are many ways…

The Evolution and Analysis of SolarMarker Project Announcement

February 14, 2024

SolarMarker is one of the more common Infostealers out there. Every analyst is probably tired of seeing users clicking SEO-poisoned links and downloading some variation of Totally-Not-Malware-PDF.exe. Originally observed in…

GuLoader Analysis

December 15, 2023

This week I was browsing MalwareBazaar for interesting samples and came across a GuLoader VBS upload. I’m still pretty new to malware analysis and I haven’t done anything with VBS…

Gravwell search API PowerShell Module

December 7, 2023

This quick and easy PowerShell module was designed to facilitate search queries between a Gravwell search API endpoint and a local client. It supports pre-configured JSON profiles for running repeated…