Why Attackers Are Using C# For Post-PowerShell Attacks

IT security news | Source: it.slashdot.org

An anonymous Slashdot reader summarizes an article by a senior security researcher at Forcepoint Security Labs: Among cyber criminals, there has been a trend in recent years toward using more so-called 'fileless' attacks. The driver for this is to avoid detection by anti-virus. PowerShell is often used in these attacks. Part of the strategy behind fileless attacks is related to the concept of 'living off the land', meaning that to blend in and avoid detection, attackers strive to use only the tools that are natively available on the target system, preferably avoiding dropping executable files on the file system. Recently, C# has received some attention in the security community, since it has some features that may make it more appealing to criminals than PowerShell. [Both C# and PowerShell use the .NET runtime.] A Forcepoint researcher has summarized the evolution of attack techniques in recent years, particularly looking at a recent security issue related to C# in a .NET utility in terms of fileless attacks.

From the article: A recent example of C# being used for offensive purposes is the PowerShell/C# 'combo attack' noted by Xavier Mertens earlier this month, in which a malware sample used PowerShell to compile C# code on the fly. Also, a collection of adversary tools implemented in C# was released. Further, an improved way was published for injecting shellcode (.NET assembly) into memory via a C# application.... Given recent trends it seems likely that we'll start to see an increased number of attacks that utilize C# -- or combinations of C# and PowerShell such as that featured in Xavier Mertens' SANS blog -- in the coming months.
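The "combo" described above (PowerShell compiling C# on the fly, and a .NET assembly loaded straight into memory) leaves two kinds of telemetry that a defender can key on. The script below is an added example written for this page; it is not code from Forcepoint, Slashdot or Xavier Mertens' post. It scans constructed, JSON-encoded Windows events (the log lines are made up for the example, the field names follow Sysmon and PowerShell logging conventions) for two signals: a Sysmon Event ID 1 in which csc.exe is spawned by a PowerShell host, and a PowerShell Event ID 4104 script block that calls Add-Type with C# source text or performs a reflective Assembly.Load. One caveat a practitioner should know: Windows PowerShell 5.1 implements Add-Type through CodeDOM, which shells out to the .NET Framework csc.exe, so the process-creation signal fires there; PowerShell 6+ compiles in-process with Roslyn, so on those hosts only the script-block signal remains. The Assembly.Load check is a heuristic, since a string argument (an assembly name) is legitimate while a byte array is the in-memory path, and a single regex cannot always tell them apart.

```python
"""Spot the PowerShell -> C# 'combo' in constructed Windows telemetry.

Signals (added example, not the original article's code):
  1. Sysmon Event ID 1: csc.exe whose parent is a PowerShell host. Windows
     PowerShell 5.1's Add-Type compiles via CodeDOM, which runs csc.exe with a
     temporary .cmdline response file. PowerShell 6+ compiles in-process
     (Roslyn), so this signal does not exist there.
  2. PowerShell Event ID 4104 (script block logging): Add-Type fed C# source
     text (-TypeDefinition / -MemberDefinition, or positional use with no
     -Path/-AssemblyName), or a reflective [Reflection.Assembly]::Load(...).
"""
import json
import re
from typing import Dict, Iterator, List, Optional

# Constructed sample events, one JSON object per line. Not real telemetry.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe", "ParentImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "csc.exe /noconfig /fullpaths @\"C:\\Users\\u\\AppData\\Local\\Temp\\abc123.cmdline\""}
{"EventID": 1, "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe", "ParentImage": "C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\BuildTools\\MSBuild\\15.0\\Bin\\MSBuild.exe", "CommandLine": "csc.exe /noconfig /fullpaths @\"C:\\build\\obj\\Release\\proj.cmdline\""}
{"EventID": 4104, "ScriptBlockText": "$src = @'\npublic class K { public static void Run() { } }\n'@\nAdd-Type -TypeDefinition $src\n[K]::Run()"}
{"EventID": 4104, "ScriptBlockText": "Get-ChildItem C:\\ -Recurse | Measure-Object"}
{"EventID": 4104, "ScriptBlockText": "$b = [Convert]::FromBase64String($blob); [System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null, $null)"}
"""


def _exe(name_pattern: str) -> re.Pattern:
    """Match an image path whose final component is the given executable."""
    return re.compile(r"(?:^|\\)" + name_pattern + r"$", re.IGNORECASE)


CSC_EXE = _exe(r"csc\.exe")
POWERSHELL_EXE = _exe(r"(?:powershell|powershell_ise|pwsh)\.exe")

# Arguments of one Add-Type call: up to end of line, pipe or statement separator.
ADD_TYPE = re.compile(r"\bAdd-Type\b(?P<args>[^\r\n|;]*)", re.IGNORECASE)
# PowerShell accepts unambiguous parameter prefixes, e.g. -TypeDef.
FROM_SOURCE = re.compile(r"-(?:Type|Member)Def\w*", re.IGNORECASE)
FROM_FILE = re.compile(r"-(?:Path|LiteralPath|AssemblyName)\b", re.IGNORECASE)
# Reflective load; with a byte[] argument nothing is written to disk.
ASSEMBLY_LOAD = re.compile(r"\[(?:System\.)?Reflection\.Assembly\]::Load\s*\(", re.IGNORECASE)


def iter_events(log_text: str) -> Iterator[Dict]:
    """Yield one decoded event per non-empty JSON line."""
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def check_process_creation(ev: Dict) -> Optional[str]:
    """Signal 1: csc.exe started by a PowerShell host (Sysmon Event ID 1)."""
    if ev.get("EventID") != 1:
        return None
    if CSC_EXE.search(ev.get("Image", "")) and POWERSHELL_EXE.search(ev.get("ParentImage", "")):
        return "csc.exe spawned by PowerShell (Add-Type/CodeDOM compile): " + ev.get("CommandLine", "")
    return None


def check_script_block(ev: Dict) -> Optional[str]:
    """Signal 2: C# compiled from source text or an assembly loaded reflectively."""
    if ev.get("EventID") != 4104:
        return None
    text = ev.get("ScriptBlockText", "")
    for m in ADD_TYPE.finditer(text):
        args = m.group("args")
        # Source-text compile if a *Definition parameter is present, or if no
        # file/assembly parameter is given (positional TypeDefinition).
        if FROM_SOURCE.search(args) or not FROM_FILE.search(args):
            return "Add-Type compiling C# from source text: " + m.group(0).strip()
    if ASSEMBLY_LOAD.search(text):
        return "reflective Assembly.Load in script block (heuristic)"
    return None


def scan(log_text: str) -> List[Dict]:
    """Return one finding per event that trips either signal."""
    findings = []
    for ev in iter_events(log_text):
        reason = check_process_creation(ev) or check_script_block(ev)
        if reason:
            findings.append({"EventID": ev["EventID"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['EventID']}] {f['reason']}")
```

Run against the embedded sample, the scanner flags three of the five events: the csc.exe child of powershell.exe, the Add-Type -TypeDefinition block and the Assembly.Load block; the csc.exe started by MSBuild and the Get-ChildItem block pass. In production the process-creation rule is the cheaper and lower-noise one on Windows PowerShell 5.1 hosts, while the script-block rule requires Script Block Logging to be enabled and needs tuning for administrators who legitimately use Add-Type.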

Read more of this story at Slashdot.
