blue-team-tools

Files

T

yt0ng 8ecf167e85 Powershell AMSI Bypass via .NET Reflection

[Ref].Assembly.GetType('http://System.Management .Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)

seen in recent activity https://www.hybrid-analysis.com/sample/0ced17419e01663a0cd836c9c2eb925e3031ffb5b18ccf35f4dea5d586d0203e?environmentId=120

2018-08-17 18:26:04 +02:00

builtin

fixed typo

2018-07-13 13:53:21 -05:00

malware

Various rule fixes

2018-03-27 14:35:49 +02:00

other

Moved new rule to sysmon folder

2018-04-11 20:11:54 +02:00

powershell

Fixed bugs

2018-06-27 09:20:41 +02:00

sysmon

Powershell AMSI Bypass via .NET Reflection

2018-08-17 18:26:04 +02:00