From 82ee4995758da61ea0b9dd60606018b2d9deb384 Mon Sep 17 00:00:00 2001 From: mether049 Date: Sun, 23 Feb 2020 23:27:01 +0900 Subject: [PATCH] Update malware-tech_ref_and_memo.md --- malware-tech_ref_and_memo.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/malware-tech_ref_and_memo.md b/malware-tech_ref_and_memo.md index 9cdd019..877ad89 100644 --- a/malware-tech_ref_and_memo.md +++ b/malware-tech_ref_and_memo.md @@ -121,7 +121,7 @@ OpenProcessPrototype OpenProcess = (OpenProcessPrototype)GetProcAddress(kernel32 - 難読化ツール
[Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation) - PS内の文字列(Mimikatz,DumpCreds,コメント,etc.)の置換のみでVirusTotal上でMimikatzの検知率を0にしたという検証
-[How to Bypass Anti-Virus to Run Mimikatz](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/) +[How to Bypass Anti-Virus to Run Mimikatz,2017](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/) - Powershell Script内で用いられる難読化技術について ### Case-insensitive - コマンドレット名や変数名に大文字,小文字を混ぜる
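Review bot: In the changed line of the `@@ -121,7 +121,7 @@` hunk, the year is placed inside the link text as `Mimikatz,2017` with no space after the comma, so the rendered link title no longer matches the article's title and the year reads as part of it. Consider leaving the title as it was and putting the year after the link, for example `[How to Bypass Anti-Virus to Run Mimikatz](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/) (2017)`. The Invoke-Obfuscation reference two lines above carries no year, so it would help to settle on one form for all references in this list. The subject line "Update malware-tech_ref_and_memo.md" could also say what changed, namely that a year was added to this reference.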