SAFE Powershell bypass

PowerShell: Malwares use it without powershell.exe

Windows PowerShell (PS) is a task automation and configuration management framework from Microsoft. It is a command-line shell with its own associated scripting language, built on the .NET Framework. PS is often used in cyber attacks to run malicious code stealthily on a target computer, but calls to powershell.exe can be detected by security solutions. To avoid this, malware can use …

Load/Inject malicious DLL using Microsoft Tools

More and more malware relies on Microsoft tools to hide its malicious activity and damage the system. These tools can be used to bypass security products that trust Microsoft-signed binaries, and can be a serious alternative to rundll32 for executing malicious DLLs like NotPetya or WannaCry. In this article we will see how some Microsoft tools can be used …