
Author Topic: What is a Power Shell Attack?  (Read 155587 times)


Geek-9pm

What is a Power Shell Attack?
« on: December 19, 2019, 10:16:07 PM »
Malware is still a problem. >:(
Symantec, a computer security firm, has released a 2019 report on malware. I noticed a short bit about Power Shell in the report. This does not mean you have to stop using Power Shell and other nice tools, but it is a warning that the bad guys are getting clever.
https://www.symantec.com/security-center/threat-report
Click on the link above and scroll down half a page and see a short video.
They say "Hiding in plain sight: malicious PowerShell scripts up 1000%"
But it is not yet a big thing. The greater threat is from the same old stuff that goes around.


BC_Programmer


Re: What is a Power Shell Attack?
« Reply #1 on: December 19, 2019, 10:59:11 PM »
That report looks ridiculous. Why can't they just present information without making it look like a terrible sales brochure?

Anyway, it's talking about malicious PowerShell scripts. That's really all it is. The Melissa Virus from the 90's was "Living off the Land" malware too.

It's unsurprising that a report created by an AV vendor says anything like this. They want to sell you their product.
I was trying to dereference Null Pointers before it was cool.

BC_Programmer


Re: What is a Power Shell Attack?
« Reply #2 on: March 27, 2020, 02:43:12 PM »
Above comment was copy-pasted from this two-year-old Reddit comment.

gorge441



Re: What is a Power Shell Attack?
« Reply #3 on: March 27, 2020, 03:49:12 PM »
PowerShell is a powerful scripting language that provides unprecedented access to a machine's inner core, including unrestricted access to Windows APIs. ... Using PowerShell in a fileless malware attack completely blurs the line between compromising a single machine and compromising the entire enterprise

BC_Programmer


Re: What is a Power Shell Attack?
« Reply #4 on: March 27, 2020, 04:44:58 PM »
That is word for word what is written on a 3-year-old "Cyberreason" blog post. It's just more security circus bullcrap; in this case they are talking up the "danger" in order to sell their crappy security product. Are you a spammer too?

From the blog post in question:
Quote
Traditional approaches to security are rendered useless in the face of these attacks because PowerShell is highly reputable, has a trusted signature, is loaded directly through system memory (which cannot be scanned using heuristics) and has unrestricted access to the OS because it’s an integral part of Windows.

What a load of garbage. "loaded through system memory"? What is that supposed to mean? What applications aren't loaded through "system memory"? Do they mean that PowerShell is in the Windows System folders? If so, do they not know the difference between Memory and Storage? And if that is the case, why should they be trusted for anything computer-related? It's like going to an electrician only to find out they don't know the difference between static electricity and current electricity.

They also leave out that this still requires access to the machine... the attack still has to run PowerShell to begin with. It's talking up the danger in order to sell their crap, just like every security endpoint vendor. "Buy our product to protect yourself from internet boogeymen".

gorge441



Re: What is a Power Shell Attack?
« Reply #5 on: April 04, 2020, 12:48:12 AM »
Of course not, I searched a little bit online and I got this.