mirror of https://github.com/nganhkhoa/malware.git synced 2024-06-10 21:32:07 +07:00

Update malware-tech_ref_and_memo.md

mether049 2020-02-23 23:27:01 +09:00 committed by GitHub
parent b0d22c843f
commit 82ee499575
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -121,7 +121,7 @@ OpenProcessPrototype OpenProcess = (OpenProcessPrototype)GetProcAddress(kernel32
- 難読化ツール<br> - 難読化ツール<br>
[Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation) [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation)
- PS内の文字列(Mimikatz,DumpCreds,コメントetc.)の置換のみでVirusTotal上でMimikatzの検知率を0にしたという検証<br> - PS内の文字列(Mimikatz,DumpCreds,コメントetc.)の置換のみでVirusTotal上でMimikatzの検知率を0にしたという検証<br>
[How to Bypass Anti-Virus to Run Mimikatz](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/) [How to Bypass Anti-Virus to Run Mimikatz,2017](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/)
- Powershell Script内で用いられる難読化技術について - Powershell Script内で用いられる難読化技術について
### Case-insensitive ### Case-insensitive
- コマンドレット名や変数名に大文字,小文字を混ぜる - コマンドレット名や変数名に大文字,小文字を混ぜる
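Review bot: On the changed Black Hills link line, the year is placed inside the link text as `Mimikatz,2017` with no space after the comma, so it reads as part of the article title rather than as a publication date. Consider moving it outside the brackets, for example `[How to Bypass Anti-Virus to Run Mimikatz](https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/) (2017)`, and applying the same convention to the other references in the file so the dates are uniform; the Invoke-Obfuscation link two lines above carries no date at all. Because this is the only changed line in the hunk, a commit subject that names the change (adding the publication year to a reference) would make the history easier to scan than the default "Update malware-tech_ref_and_memo.md".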