Cyber Security Weekly Podcast

Cyber Security Weekly Podcast


Episode 348 - PowerShell Script Malware Detection

February 26, 2023

Shota Shinogi is a security researcher at Macnica (Japan), pentest tools author and CTF organizer.

 

He is an expert in writting malware for Red Team purpose and to evade the detection from EDR, sandbox, IPS, antivirus and other security solutions.

 

He has more than 10 years experience on the Cyber security industries, starting his carrier with HDD Encryption, NAC, IPS, WAF, Sandbox. He has spoken in several security/hacking conferences; Black Hat, DEF CON, BSides.

 

He is also contributing for the education for the next generation security engineer through the Security Camp from 2015 consecutively in Japan.

 

In this interview, Shinogi gave highlights of his hackathon session (as an instructor at the Global Cybersecurity Camp 2023) on PowerShell based Malware detection

 

He shared the key factors behind PowerShell’s potency (a default tools on Windows, file-less, and hundreds of methods to obfuscate the script, making detection even that much harder).

 

However, with the logging feature built by Microsoft, it is possible to build tools to detect malicious PowerShell script.

 

Shinogi noted the approaches that the impressive results delivered by the hackathon – there were even AI-based algorithms to filter out malicious PowerShell scripts.

 

Recorded 16th February 2023, 4.30pm, ASEAN Cybersecurity Centre of Excellence Singapore, at the Global Cybersecurity Camp 2023 Singapore.