In part 1 of this blog post, we looked at how .NET has become an increasingly important component in the offensive world, with attackers making increasing direct use of it as well as years of indirect use of it via powershell. We then covered some of the differences between .NET assembly loading vs traditional native […]| F-Secure Blog
Threats & Research | F-Secure Blog
PowerShell has been a staple of offensive tooling for many years now due to its power, prevalence and simplicity. Consequently, Microsoft began introducing better logging options for PowerShell, as well as plugging it in to the Anti-Malware Scan Interface (AMSI) – meaning the industry became much better at spotting malicious PowerShell. However, techniques then evolved […]| F-Secure Blog