2020
DOI: 10.1007/978-3-030-58201-2_13

IMShell-Dec: Pay More Attention to External Links in PowerShell

Abstract: Windows proposes the PowerShell shell command line to substitute the traditional CMD. However, it is often utilized by the attacker to invade the victim because of its versatile functionality. In this paper, we investigate an attack that combines PowerShell and image steganography. Compared with the traditional method, this attack can deceive the defender by hiding its malicious contents in benign images. To effectively detect this attack, we propose a framework IMShell-Dec, whose main target is to check external l…

Cited by 3 publications
(2 citation statements)
References 19 publications
“…In recent years, Invoke-PSImage has been exploited by Powload (spotted in the first half of 2018), and it is still in the toolbox of different incarnations of Emotet and Bebloh. 9,10 It is also the basis of stages for dropping payloads on the host of the victim in malicious software like the Greystar ransomware and some variants of Ursnif. 11 Another notable utilization concerns the creation of backdoors, as it happens in Bandook.…”
Section: The Case Of Invoke-PSImage (mentioning)
confidence: 99%
“…13 For the case of threats targeting images, some ad-hoc products are becoming available, e.g., the Steganography Defensive Initiative of McAfee, 14 but they do not appear mature enough for large-scale utilization. 10 The researchers and security experts genuinely concerned with stegomalware should then consider the following four principles when engineering defensive strategies.…”
Section: What's Next? (mentioning)
confidence: 99%