What is a PowerShell Attack?

Started by Geek-9pm, December 19, 2019, 10:16:07 PM



Geek-9pm

Malware is still a problem. >:(
Symantec, a computer security firm, has released a 2019 report on malware. I noticed a short bit about PowerShell in the report. This does not mean you have to stop using PowerShell and other nice tools, but it is a warning that the bad guys are getting clever.
https://www.symantec.com/security-center/threat-report
Click on the link above and scroll down half a page and see a short video.
They say "Hiding in plain sight: malicious PowerShell scripts up 1000%"
But it is not yet a big thing. The greater threat is from the same old stuff that goes around.


BC_Programmer

That report looks ridiculous. Why can't they just present information without making it look like a terrible sales brochure?

Anyway, it's talking about malicious PowerShell scripts. That's really all it is. The Melissa Virus from the '90s was "Living off the Land" malware too.

It's unsurprising that a report created by an AV vendor says anything like this. They want to sell you their product.
I was trying to dereference Null Pointers before it was cool.

gorge441

PowerShell is a powerful scripting language that provides unprecedented access to a machine's inner core, including unrestricted access to Windows APIs. ... Using PowerShell in a fileless malware attack completely blurs the line between compromising a single machine and compromising the entire enterprise

BC_Programmer

That is word for word what is written on a 3-year-old "Cybereason" blog post. It's just more security circus bullcrap; in this case they are talking up the "danger" in order to sell their crappy security product. Are you a spammer too?

From the blog post in question:
"Traditional approaches to security are rendered useless in the face of these attacks because PowerShell is highly reputable, has a trusted signature, is loaded directly through system memory (which cannot be scanned using heuristics) and has unrestricted access to the OS because it's an integral part of Windows."

What a load of garbage. "Loaded through system memory"? What is that supposed to mean? What applications aren't loaded through "system memory"? Do they mean that PowerShell is in the Windows System folders? If so, do they not know the difference between Memory and Storage? And if that is the case, why should they be trusted for anything computer-related? It's like going to an electrician only to find out they don't know the difference between static electricity and current electricity.

They also leave out that this still requires access to the machine.... the attack still has to run PowerShell to begin with. It's talking up the danger in order to sell their crap, just like every security endpoint vendor. "Buy our product to protect yourself from internet boogeymen".

gorge441

Of course not, I searched a little bit online and I got this.