Identifying and Limiting the Impact of Malicious PowerShell Scripts

Bibliographic Details
Published in: ProQuest Dissertations and Theses (2021)
Main author: Fisher, Jason
Published: ProQuest Dissertations & Theses
Subjects:
Online access: Citation/Abstract
Full Text - PDF
Description
Abstract: PowerShell scripts serve as a valuable administrative asset that can help system administrators with numerous tasks. However, when allowed to execute within a network environment, PowerShell scripts can create a vulnerability. The purpose of this research project was to examine how threat actors can adjust PowerShell scripts from being an administrative asset into a nefarious utility capable of compromising a network infrastructure. This research compared and contrasted specific PowerShell commands commonly used to transpose legitimate PowerShell initiated actions into malicious processes upon PowerShell script execution. The results of the research yielded mitigation strategies to carry out in proactive and reactive network security action plans. The efficiency of these security action plans was derived through an explored threat assessment conducted by analyzing the results of PowerShell script-related attacks on various network infrastructures. These researched attacks employed techniques such as fileless malware execution via running a PowerShell script and obfuscation routines implemented to bypass network security solutions. Results of this research project culminated into suggested mitigation efforts that range from Indicator of Compromise (IoC) identification to updating Antivirus (AV) solutions. Furthermore, the research presents data on how indicators are parsed from commonly associated PowerShell script routines, a task that will assist system administrators in conducting triage assessments to identify malicious PowerShell scripts within their network. This research project also highlights system and network security measures that need to be taken to limit the potential of sustaining a consequent malicious PowerShell script incident.
Keywords: Malicious PowerShell scripts, PowerShell exploits, PowerShell incident mitigation, Professor Paul Pantani.
ISBN: 9798738621031
Source: ProQuest Dissertations & Theses Global