I need to make some actual docs for these. For now, the names are descriptive and mostly accurate.
A collection of PowerShell malware techniques I've come across while examining malware.
All samples are harmless, relatively speaking: non-malicious files are dropped and system changes are made, but nothing destructive happens. They will (hopefully) trigger alerts, however.
Most samples are taken from, or inspired by, real malware. Where available, links to the related blog post analyses are included as comments in the code samples.
- Persistence_001
  - Registry file association changes
  - Startup shortcut creation
- ProcessInjection_001
  - Shellcode injection into the active terminal process
- Command&Control_001
  - A basic C2 example in PowerShell and Python
  - The source file includes the accompanying Python http.server code as a comment
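As an added defender-side example (not code from this repository), the following PowerShell audits the two locations that the Persistence_001 sample touches: shortcuts in the per-user and all-users Startup folders, and per-user file association handlers under HKCU:\Software\Classes, which take precedence over the machine-wide HKLM definitions. The function names, the list of script hosts treated as suspicious handlers, and the table output are my own assumptions; it uses only built-in cmdlets and the WScript.Shell COM object.

```powershell
# Added example, not part of this repository: audit the persistence
# locations used by Persistence_001 from a defender's point of view.
# Assumption: run in the profile of the user you want to inspect.

function Get-StartupShortcutTargets {
    # Enumerate .lnk files in both Startup folders and resolve what each launches.
    $startupDirs = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path -Path $dir)) { continue }
        Get-ChildItem -Path $dir -Filter '*.lnk' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)
                [PSCustomObject]@{
                    Shortcut  = $_.FullName
                    Target    = $lnk.TargetPath
                    Arguments = $lnk.Arguments
                    Modified  = $_.LastWriteTime
                }
            }
    }
}

function Get-UserFileAssociationHandlers {
    # Per-user overrides live under HKCU:\Software\Classes. Any subkey (an
    # extension or a ProgID) that carries shell\open\command defines what runs
    # when a file of that type is opened, and HKCU wins over HKLM in the
    # merged HKEY_CLASSES_ROOT view.
    Get-ChildItem -Path 'HKCU:\Software\Classes' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $cmdKey = "$($_.PSPath)\shell\open\command"
            if (Test-Path -Path $cmdKey) {
                $props = Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue
                [PSCustomObject]@{
                    Key     = $_.PSChildName
                    Command = $props.'(default)'
                }
            }
        }
}

# Script hosts that are unusual as a file-open handler (assumed list).
$suspiciousHostPattern = @('powershell', 'pwsh', 'wscript', 'cscript', 'mshta', 'cmd\.exe') -join '|'

'== Startup folder shortcuts =='
Get-StartupShortcutTargets | Format-Table -AutoSize

'== Per-user file association handlers invoking a script host =='
Get-UserFileAssociationHandlers |
    Where-Object { $_.Command -match $suspiciousHostPattern } |
    Format-Table -AutoSize
```

Run it before and after executing the Persistence_001 sample and diff the two outputs; a new Startup shortcut or a per-user handler that points at a script host is exactly the change the sample makes, and the same two queries are cheap to fold into a scheduled baseline check.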