Obfuscation in Plain Sight

Presented at CackalackyCon 2 (2023), May 7, 2023, 11:30 a.m. (30 minutes).

Discussing leveraging a normal non malicious looking powershell script to hide malicious payloads in a separate file through encryption to mask the combinations of execution commands and web request commands to avoid detection.

Presenters:

• Savvyjuan

Similar Presentations:

• Black Hat USA 2017 / Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
• THOTCON 0x2 (2011) / Hiding in Plain Sight
• DerbyCon 6.0 Recharge (2016) / Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D””e`Tec`T ‘Th’+’em’