recentpopularlog in

whip_lash : obfuscation   9

Hani's blog: Making Nmap Scripting Engine stealthier
 You can find the default value in /usr/share/nmap/nselib/http.lua (At the beginning of the file, a couple of lines after the comments)

local USER_AGENT = stdnse.get_script_args('http.useragent') or "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"

and change it to something more stealthy (default User Agent of Firefox on Windows 7 for example).
nmap  scanning  obfuscation 
april 2019 by whip_lash
GitHub - Bashfuscator/Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.
Favorite tweet:

Introducing Bashfuscator : A fully configurable and extendable Bash obfuscation framework : https://t.co/vOjDFzSQmF cc @capnspacehook

— Binni Shah (@binitamshah) January 14, 2019
bash  obfuscation  pentest 
january 2019 by whip_lash
InfoSec Handlers Diary Blog - Malicious Powershell Script Dissection
Most of them will be heavily obfuscated to make them unreadable and undetectable by security tools. The one that I found was not obfuscated to make it unreadable for the human but was strong enough to defeat most of the antivirus engines. The current VT score remains only 3/57[1] (SHA256: 01fd7fdb435d60544d95f420f7813e6a30b6fa64bf4f1522053144a02f961e39). The obfuscation was based on two techniques:
powershell  malware  obfuscation 
november 2018 by whip_lash
Hexacorn | Blog
If you run ‘powershell <0x2000 spaces> calc’ you will spawn Windows Calculator.

What will you see in the logs?

This:

JUST A POWERSHELL COMMANDLINE
obfuscation  logging  pentest  windows  security 
june 2018 by whip_lash

Copy this bookmark:





to read