Dan Kiraly

Senior Research Analyst

Dan Kiraly is a senior research analyst on Optiv’s partner research and strategy team. In this role he is responsible for use case development and the vetting of security products for Optiv.


Unmanaged PowerShell Binaries and Endpoint Protection – Part 2

· By Dan Kiraly ·

In my last blog post, I discussed the process of creating a binary that contained a reverse PowerShell payload, only it did not leverage PowerShell.exe or PowerShell_ISE.exe. The binary talked directly to the .NET Framework. This binary proved very successful in bypassing endpoint vendors in Optiv’s 2017 endpoint research. In this blog I will build on the previous post by introducing obfuscation to the code, which will make detection more difficult.


Unmanaged PowerShell Binaries and Endpoint Protection

· By Dan Kiraly ·

Optiv recently completed our 2017 endpoint security solution evaluation. The primary focus of the evaluation was to test the solutions’ efficacy across the cyber kill chain. Surprisingly, we discovered a high failure rate in detecting two custom binaries that were created for the evaluation as malicious and the commands executed through them. Both of these binaries incorporated the concept of unmanaged PowerShell.
