This resource covers PowerShell script obfuscation, deobfuscation, abstract syntax tree (AST) extraction, token extraction and malicious-script detection in detail; I hope it is useful to you!
Living-off-the-land (LotL) attacks:
Author's blog posts:
- PowerShell malicious code detection (1): paper summary and abstract syntax tree (AST) extraction
- PowerShell malicious code detection (2): an in-depth guide to automatic abstract syntax tree extraction
- PowerShell malicious code detection (3): automatic extraction of token keywords
- PowerShell malicious code detection (4): obfuscation and deobfuscation
- PowerShell malicious code detection (5): PowerShell in APT campaigns, common datasets and data-labelling experiments
(1) Zhenyuan Li, et al. Effective and Light-Weight Deobfuscation and Semantic-Aware Attack Detection for PowerShell Scripts. CCS, 2019: 1831-1847.
- https://dl.acm.org/doi/pdf/10.1145/3319535.3363187
- Zhejiang University; the most widely cited PowerShell paper, with a detailed treatment of deobfuscation
- https://www.bilibili.com/video/av800038481/
(2) Danny Hendler, et al. Detecting Malicious PowerShell Commands using Deep Neural Networks. AsiaCCS, 2018: 187-197.
(3) Danny Hendler, et al. AMSI-Based Detection of Malicious PowerShell Code Using Contextual Embeddings. AsiaCCS, 2020: 679-693.
(4) 刘岳, 刘宝旭, et al. A PowerShell Malicious Code Detection Method Based on Feature Combination [J]. Journal of Cyber Security, 2021, 6(1): 40-53.
- Institute of Information Engineering, Chinese Academy of Sciences
(5) Yong Fang, Xiangyu Zhou, Cheng Huang. Effective method for detecting malicious PowerShell scripts based on hybrid features. Neurocomputing, 448: 30-39 (2021).
(6) 彭国军, et al. Research on PowerShell Malicious Code Family Classification Based on Deep Learning [J]. Journal of Wuhan University (Natural Science Edition), 2022(1).
- School of Cyber Science and Engineering, Wuhan University
(7) Gili Rusak, et al. AST-Based Deep Learning for Detecting Malicious PowerShell. CCS, 2018: 2276-2278.
- CSAIL, MIT, USA
- https://dl.acm.org/doi/10.1145/3243734.3278496
(8) Chao Liu, et al. PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. ISCC, 2018: 825-831.
- Institute of Information Engineering, Chinese Academy of Sciences
- https://ieeexplore.ieee.org/document/8538691
(9) Denis Ugarte, et al. PowerDrive: Accurate De-obfuscation and Analysis of PowerShell Malware. DIMVA, 2019: 240-259.
- University of Cagliari
- https://link.springer.com/chapter/10.1007/978-3-030-22038-9_12
(10) Jian Zhang, et al. A Novel Neural Source Code Representation Based on Abstract Syntax Tree. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE), 2019.
- Abstract syntax trees for C source code
- https://ieeexplore.ieee.org/document/8812062
(11) G. M. Malandrone, G. Virdis, G. Giacinto, D. Maiorca. PowerDecode: a PowerShell Script Decoder Dedicated to Malware Analysis. 5th Italian Conference on CyberSecurity (ITASEC), 2021.
- Deobfuscation tool
- https://github.com/Malandrone/PowerDecode
(12) C. Xiong, Z. Li, et al. Generic, efficient, and effective deobfuscation and semantic-aware attack detection for PowerShell scripts. Frontiers of Information Technology & Electronic Engineering, vol. 23, no. 3, 2022, pp. 361-381.
(13) A. Alahmadi, N. Alkhraan, et al. MPSAutodetect: A Malicious PowerShell Script Detection Model Based on Stacked Denoising Auto-Encoder. Computers & Security, vol. 116, 2022, p. 102658.
(1) GitHub
- https://github.com/danielbohannon/Invoke-Obfuscation
- https://github.com/Malandrone/PowerDecode
- https://github.com/zhangj111/astnn
- https://github.com/lzybkr/ShowPSAst
- https://github.com/thewhiteninja/deobshell
(2) Other
- https://powershell.one/powershell-internals/parsing-and-tokenization/abstract-syntax-tree
- https://powershell.one/powershell-internals/parsing-and-tokenization/simple-tokenizer
- https://docs.microsoft.com/en-us/dotnet/api/system.management.automation.psparser.tokenize?view=powershellsdk-7.0.0
By: Eastmount, CSDN, 2022-03-20